Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp362378ybl; Fri, 23 Aug 2019 01:56:02 -0700 (PDT) X-Google-Smtp-Source: APXvYqz1TfKPTGpnur7nyh15v54k0PxxgfY7B7+BfTkRVm3Ai/+KssTog0r6T5r88hklN3ppl4eQ X-Received: by 2002:a62:6045:: with SMTP id u66mr3823474pfb.261.1566550562567; Fri, 23 Aug 2019 01:56:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566550562; cv=none; d=google.com; s=arc-20160816; b=q4AHX9CtncIteVuU5gVC3P+bYXNrYL/GVMC6H5vPZKTvU95qWnsLj3v9kwyBptKz2J +9Js/JhM+cO9Qfn4VwNmzkrpTt7lTf9m/k8W884UdQ6uXONrY28qV1ieL06I/kUEdXMC 83DL/lzSz6r23H7OBG0bWACHSLla6PC3IAA+f57ju6lLIGKir0GJY32FBQxGo8ocPzwV D9mJ/NRYjMVjreCUKF02Za+9O5Pu7OGzBPgEuQuR4wpBcfBEH3qWUkDxgl0FVb8mmnIj gpF7qKK/Ecm4SSFdK04KiIyLoTqOgBSApCFgTBsfDtkxkzBlQgXEdoPOZxw4Ph8gmxCY 4cPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date; bh=1K0Ff9vQjGlHT8JEy3hKgXcMx4CS4C6pkWz11yYrpNM=; b=Pk2WNhHI5e4fj2Y9iPQX/hGA7tss4BQJ95Y74IT84z+dGNjG148Pwk15UMUneIn+cV Rg4nBuH4JPNjibSTy6y0IopztWZ5b/0tTgzUnUvvTns2gYXOyGs7y18aACanKtWgUu/X og74tGZJKkdicC442zGYw1m7T3NuwdDyE7LgBjWRIi2oQwO2w2ndjOLKbY/26QcunHrH NTIunthYLr942J3iYmrjlif/XSCuOACEOcUATwPorg6PaKc+QabeK/D8XqLN/OBgK8FI +nmZ+4pKZeGTm/Y4LwnO+JVAPJ2E4BYlWiOFtqbHvRBLGJk5jxnQl0BRBJB8Tig9Ib0Q 2d9Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a15si2108400pfg.87.2019.08.23.01.55.46; Fri, 23 Aug 2019 01:56:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2405581AbfHVXLJ (ORCPT + 99 others); Thu, 22 Aug 2019 19:11:09 -0400 Received: from shards.monkeyblade.net ([23.128.96.9]:50332 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2405569AbfHVXLJ (ORCPT ); Thu, 22 Aug 2019 19:11:09 -0400 Received: from localhost (unknown [IPv6:2601:601:9f80:35cd::d71]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id 087661539127A; Thu, 22 Aug 2019 16:11:08 -0700 (PDT) Date: Thu, 22 Aug 2019 16:11:07 -0700 (PDT) Message-Id: <20190822.161107.2184839851828646253.davem@davemloft.net> To: wenwen@cs.uga.edu Cc: rfontana@redhat.com, alexios.zavras@intel.com, allison@lohutok.net, gregkh@linuxfoundation.org, tglx@linutronix.de, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] net: pch_gbe: Fix memory leaks From: David Miller In-Reply-To: <1566361206-5135-1-git-send-email-wenwen@cs.uga.edu> References: <1566361206-5135-1-git-send-email-wenwen@cs.uga.edu> X-Mailer: Mew version 6.8 on Emacs 26.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Thu, 22 Aug 2019 16:11:08 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Wenwen Wang Date: Tue, 20 Aug 2019 23:20:05 -0500 > In pch_gbe_set_ringparam(), if netif_running() returns false, 'tx_old' and > 'rx_old' are not deallocated, leading to memory leaks. To fix this issue, > move the free statements to the outside of the if() statement. > > Signed-off-by: Wenwen Wang Something still is not right here. > diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c > index 1a3008e..cb43919 100644 > --- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c > +++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c > @@ -340,12 +340,10 @@ static int pch_gbe_set_ringparam(struct net_device *netdev, > goto err_setup_tx; > pch_gbe_free_rx_resources(adapter, rx_old); > pch_gbe_free_tx_resources(adapter, tx_old); > - kfree(tx_old); > - kfree(rx_old); > - adapter->rx_ring = rxdr; > - adapter->tx_ring = txdr; > err = pch_gbe_up(adapter); > } > + kfree(tx_old); > + kfree(rx_old); If the if() condition ending here is not taken, you cannot just free these two pointers. You are then leaking the memory which would normally be liberated by pch_gbe_free_rx_resources() and pch_gbe_free_tx_resources(). What's more, in this same situation, the rx_old->dma value is probably still programmed into the hardware, and therefore the device still could potentially DMA read/write to that memory. I think the fix here is not simple, and you will need to do more extensive research in order to fix this properly. I'm not applying this, sorry.