Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp692182ybv;
        Thu, 13 Feb 2020 07:51:58 -0800 (PST)
X-Google-Smtp-Source: APXvYqyHZjV4g+iqrcv3RmeXPmf1MRVhKK4KVZKWWVFYv6Sn5B6911jyjCo+qbUlrTA0UXHSebfU
X-Received: by 2002:aca:f587:: with SMTP id t129mr3201407oih.143.1581609118229;
        Thu, 13 Feb 2020 07:51:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1581609118; cv=none;
        d=google.com; s=arc-20160816;
        b=tclTFpTKL5X8Rmbx3LOPbEjGzF4gzVLpLAy2zlK35V/2xgPW/CceE0PfaSVBVdyp9Y
         C9MRHlqpBAyVo8+mT5R8Zwj9sZkapzovitMTb+oJkGJp0mD32+L177XTRo46UfTdVvMD
         0IOvaASwULPxTrvS2wYqD0OzD0YLYKjQtD62ozksjaJk8zKuablO/JKerF4PuOA1YpaG
         qYzbR2P1bZYL/7tGOZHMoEIlBjQRKSifyJ+YKXsM95cmc6Ca2tcP/Cu9ix3+oq/rZUi6
         ikQgbIdYWDp0nXfRlESWVMReG/oCE8L9dTNkggJN+U5sq4eLX1lVUJ5+8zd5zqpLY+Xe
         0WEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=6RSJILFNBSa4Rbv/YK6S3q/ebZ69LN6zDSBStY7toTI=;
        b=LWXqupXMPm6B/ZuPL3anBAu0AzmrNHlP7rYgIOth/P7CO+3YLRPAXPqyvvfIZJH217
         p+NURnu/rCmovHEUcnalBAAETgpdbfj7p4m+SgPdqFGR4pTtrfP7lg848QB48kKYmVGb
         L8e3OEYzi5sLJhAMOybZNiTWSQ8CNECv+iQcjURMVtmwphmAB8S4eWHFW/xA5adjaHLb
         WXrqt2J7JbbRWBbJoaNGk9EM9zM30wuxqIs7EvBmCHnMaZ11scHrcNKsMHDZfJ1gMFJT
         5svFdR0Lyk0GRIFID+uK9wIsiHzh0inIZRE3QShIp56ngQRc4PbIRMEVRT/uEu+HKn0N
         S9CQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="k8OxENi/";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q126si1332584oia.8.2020.02.13.07.51.45;
        Thu, 13 Feb 2020 07:51:58 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="k8OxENi/";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388103AbgBMPul (ORCPT <rfc822;kernelgary@gmail.com>
        + 99 others); Thu, 13 Feb 2020 10:50:41 -0500
Received: from mail.kernel.org ([198.145.29.99]:45270 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2387548AbgBMP00 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 13 Feb 2020 10:26:26 -0500
Received: from localhost (unknown [104.132.1.104])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 937E32168B;
        Thu, 13 Feb 2020 15:26:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1581607585;
        bh=asWoLacKFH1KxfF3Gmpm1l70KlWV8YA0bQ4Byui+Vio=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=k8OxENi/LZuXYQXxMNrxCbCn5dbneaXbw0Pd83OXkEP8H82iakrtFruRr5FOMi96m
         tF0y/NCxrFlZQlQ292QDEPDHw/47Y5jcFAaL8MvACVuMlf/PJ/qYSWRxIaBKWVmFV3
         NS5+2M5IECaYj+MpCk7h/ziSqMSaJ16C+0338UEY=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Jack Morgenstein <jackm@dev.mellanox.co.il>,
        Parav Pandit <parav@mellanox.com>,
        Leon Romanovsky <leonro@mellanox.com>,
        Jason Gunthorpe <jgg@mellanox.com>
Subject: [PATCH 4.19 03/52] IB/mlx4: Fix memory leak in add_gid error flow
Date:   Thu, 13 Feb 2020 07:20:44 -0800
Message-Id: <20200213151812.096725128@linuxfoundation.org>
X-Mailer: git-send-email 2.25.0
In-Reply-To: <20200213151810.331796857@linuxfoundation.org>
References: <20200213151810.331796857@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jack Morgenstein <jackm@dev.mellanox.co.il>

commit eaad647e5cc27f7b46a27f3b85b14c4c8a64bffa upstream.

In procedure mlx4_ib_add_gid(), if the driver is unable to update the FW
gid table, there is a memory leak in the driver's copy of the gid table:
the gid entry's context buffer is not freed.

If such an error occurs, free the entry's context buffer, and mark the
entry as available (by setting its context pointer to NULL).

Fixes: e26be1bfef81 ("IB/mlx4: Implement ib_device callbacks")
Link: https://lore.kernel.org/r/20200115085050.73746-1-leon@kernel.org
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Reviewed-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/hw/mlx4/main.c |   20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -246,6 +246,13 @@ static int mlx4_ib_update_gids(struct gi
 	return mlx4_ib_update_gids_v1(gids, ibdev, port_num);
 }
 
+static void free_gid_entry(struct gid_entry *entry)
+{
+	memset(&entry->gid, 0, sizeof(entry->gid));
+	kfree(entry->ctx);
+	entry->ctx = NULL;
+}
+
 static int mlx4_ib_add_gid(const struct ib_gid_attr *attr, void **context)
 {
 	struct mlx4_ib_dev *ibdev = to_mdev(attr->device);
@@ -306,6 +313,8 @@ static int mlx4_ib_add_gid(const struct
 				     GFP_ATOMIC);
 		if (!gids) {
 			ret = -ENOMEM;
+			*context = NULL;
+			free_gid_entry(&port_gid_table->gids[free]);
 		} else {
 			for (i = 0; i < MLX4_MAX_PORT_GIDS; i++) {
 				memcpy(&gids[i].gid, &port_gid_table->gids[i].gid, sizeof(union ib_gid));
@@ -317,6 +326,12 @@ static int mlx4_ib_add_gid(const struct
 
 	if (!ret && hw_update) {
 		ret = mlx4_ib_update_gids(gids, ibdev, attr->port_num);
+		if (ret) {
+			spin_lock_bh(&iboe->lock);
+			*context = NULL;
+			free_gid_entry(&port_gid_table->gids[free]);
+			spin_unlock_bh(&iboe->lock);
+		}
 		kfree(gids);
 	}
 
@@ -346,10 +361,7 @@ static int mlx4_ib_del_gid(const struct
 		if (!ctx->refcount) {
 			unsigned int real_index = ctx->real_index;
 
-			memset(&port_gid_table->gids[real_index].gid, 0,
-			       sizeof(port_gid_table->gids[real_index].gid));
-			kfree(port_gid_table->gids[real_index].ctx);
-			port_gid_table->gids[real_index].ctx = NULL;
+			free_gid_entry(&port_gid_table->gids[real_index]);
 			hw_update = 1;
 		}
 	}