Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1068285ybv; Thu, 20 Feb 2020 12:31:50 -0800 (PST) X-Google-Smtp-Source: APXvYqz4eWB2MUjIh3LNIZjLNqlycOMrbhH6PyWhJyEp17m2gePFdXpjS9CPs8TEZ+8Nn11UvovA X-Received: by 2002:a9d:6b95:: with SMTP id b21mr23840746otq.96.1582230709929; Thu, 20 Feb 2020 12:31:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582230709; cv=none; d=google.com; s=arc-20160816; b=FUStIerinfuXZxAJLY9JDMi1lu0NWojEqi2GO0pBgSJ6gTq2ULdv5UbmuQGO28O+V9 NIYM3qCOzqaRLpR293tA8iwBs7SZ+U5pnm53oKeHjl/2OGC6LG35Y8PkD5xbaDAMTbe+ TXzrTHycsN6C+PHCDObAO6LCUqQEUm80spL6BgbDrEh4HSboR/cZ6R9EQOgoWe9kcDeC mlLSb8CzY5FlzxFpdTwqGiwRrLjRgBTvaLPZcQW1vDnFd9NtuTVYtZEoslncIe1WgFY7 dzWAXKArs/5ljIwBS7HPqtnLp9oHuloj1TxUKvB8mN+kLuH1Tcrq32kMFo0rKUs0g6gQ 0BgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:content-transfer-encoding :mime-version:message-id:date:cc:to:from; bh=5lzYq4FhPs/7MZtlsJosOqho3lGA1zaweqAmPU3U8AY=; b=OLZO3+PhjgNjuh4OpRlNmhc78Qjiiuw0tT0X5ADRf3auKzG44ztjW/gftGGn/Hu6OQ wA/2MdQzgM11MBPi5lhf0mFtX6n7AwMvn0IU1wvC1Xj05inmE4SoBiNvV8Fru44XZs2R 7dI4s/787p82OrEfkU87Jfxe2Zni3R0YevicKnkF1C9lNXMGONaE/UH84q7UdBi4YFAk onoLvGBdFwG1kObk1KLuvyahrjnfDOsMdOBKq/st3TqKxx45sKWhlNXzaeLTsWljzQix APD8Yb42mw2Heyv/8IuHC6Xk8Go1g7xdtMKTH77mnGMkeAnT3hwszwAUlnp0r0K+ysvb Hdfw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 5si203012oir.9.2020.02.20.12.31.36; Thu, 20 Feb 2020 12:31:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728992AbgBTUaC (ORCPT + 99 others); Thu, 20 Feb 2020 15:30:02 -0500 Received: from ale.deltatee.com ([207.54.116.67]:44994 "EHLO ale.deltatee.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728400AbgBTUaC (ORCPT ); Thu, 20 Feb 2020 15:30:02 -0500 Received: from cgy1-donard.priv.deltatee.com ([172.16.1.31]) by ale.deltatee.com with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1j4sSO-0005XN-Dz; Thu, 20 Feb 2020 13:30:01 -0700 Received: from gunthorp by cgy1-donard.priv.deltatee.com with local (Exim 4.92) (envelope-from ) id 1j4sSM-0006oK-Ry; Thu, 20 Feb 2020 13:29:58 -0700 From: Logan Gunthorpe To: linux-kernel@vger.kernel.org, linux-nvme@lists.infradead.org Cc: Keith Busch , Jens Axboe , Christoph Hellwig , Sagi Grimberg , Logan Gunthorpe Date: Thu, 20 Feb 2020 13:29:53 -0700 Message-Id: <20200220202953.26139-1-logang@deltatee.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SA-Exim-Connect-IP: 172.16.1.31 X-SA-Exim-Rcpt-To: linux-kernel@vger.kernel.org, linux-nvme@lists.infradead.org, kbusch@kernel.org, axboe@fb.com, hch@lst.de, sagi@grimberg.me, logang@deltatee.com X-SA-Exim-Mail-From: gunthorp@deltatee.com X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ale.deltatee.com X-Spam-Level: X-Spam-Status: No, score=-6.5 required=5.0 tests=ALL_TRUSTED,BAYES_00, MYRULES_FREE,MYRULES_NO_TEXT,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.2 Subject: [PATCH] nvme-multipath: Fix memory leak with ana_log_buf X-SA-Exim-Version: 4.2.1 (built Wed, 08 May 2019 21:11:16 +0000) X-SA-Exim-Scanned: Yes (on ale.deltatee.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org kmemleak reports a memory leak with the ana_log_buf allocated by nvme_mpath_init(): unreferenced object 0xffff888120e94000 (size 8208): comm "nvme", pid 6884, jiffies 4295020435 (age 78786.312s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000e2360188>] kmalloc_order+0x97/0xc0 [<0000000079b18dd4>] kmalloc_order_trace+0x24/0x100 [<00000000f50c0406>] __kmalloc+0x24c/0x2d0 [<00000000f31a10b9>] nvme_mpath_init+0x23c/0x2b0 [<000000005802589e>] nvme_init_identify+0x75f/0x1600 [<0000000058ef911b>] nvme_loop_configure_admin_queue+0x26d/0x280 [<00000000673774b9>] nvme_loop_create_ctrl+0x2a7/0x710 [<00000000f1c7a233>] nvmf_dev_write+0xc66/0x10b9 [<000000004199f8d0>] __vfs_write+0x50/0xa0 [<0000000065466fef>] vfs_write+0xf3/0x280 [<00000000b0db9a8b>] ksys_write+0xc6/0x160 [<0000000082156b91>] __x64_sys_write+0x43/0x50 [<00000000c34fbb6d>] do_syscall_64+0x77/0x2f0 [<00000000bbc574c9>] entry_SYSCALL_64_after_hwframe+0x49/0xbe nvme_mpath_init() is called by nvme_init_identify() which is called in multiple places (nvme_reset_work(), nvme_passthru_end(), etc). This means nvme_mpath_init() may be called multiple times before nvme_mpath_uninit() (which is only called on nvme_free_ctrl()). When nvme_mpath_init() is called multiple times, it overwrites the ana_log_buf pointer with a new allocation, thus leaking the previous allocation. To fix this, free ana_log_buf before allocating a new one. Signed-off-by: Logan Gunthorpe --- drivers/nvme/host/multipath.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c index 797c18337d96..a11900cf3a36 100644 --- a/drivers/nvme/host/multipath.c +++ b/drivers/nvme/host/multipath.c @@ -715,6 +715,7 @@ int nvme_mpath_init(struct nvme_ctrl *ctrl, struct nvme_id_ctrl *id) } INIT_WORK(&ctrl->ana_work, nvme_ana_work); + kfree(ctrl->ana_log_buf); ctrl->ana_log_buf = kmalloc(ctrl->ana_log_size, GFP_KERNEL); if (!ctrl->ana_log_buf) { error = -ENOMEM; base-commit: 11a48a5a18c63fd7621bb050228cebf13566e4d8 -- 2.20.1