Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1129637ybt; Sat, 20 Jun 2020 01:43:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzbMgt04WSh/a4G3Q5OyFx8pLAtzM8tuO8CZ0L69RecxPUrGGcPQxw0DjFa4t2RreadZzGs X-Received: by 2002:aa7:cc19:: with SMTP id q25mr7084961edt.26.1592642617231; Sat, 20 Jun 2020 01:43:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592642617; cv=none; d=google.com; s=arc-20160816; b=W2ZnfLVq5uNxPwOApXpdvrlsrsXK2Tdna8RLxO96c0WdVscweMcWf7v3LxoB/yEKh2 +wEnKSKnU53R2Tg0Br/LOwlVCxQ4SjIW2jM/+2DWRFd9JUx2vjZDl1rBO0XPZQuUPQJ7 a9AgQePiIJgPNBszrcIKe7FDv4mvPUDeiWu2xAuoVS4jMl9gXe7C17EzDORCMmT+6/Nk /yXMowN5VR6pyRE0c0EENUgN1MlQshpXbG7I+O3ZiSklsfgvuujUVr/4YkcjTd9jUQIB Q+DWb5NsUCAtf0rxDSkrgVrdXk6UUR8YwdNpzcEkQXCs9DjcCJAUELgAhxfo5Z6wZEC6 Cszw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=iWIPHfjS6oPBBvwvlRaaU95Rtsuv0pmaIateWyhPB7I=; b=dbrx8NYwAXm9SytYqOaRVOfdn9ayLP8cpAsfluBMojdCfMvtBMfyiinQnRQN0uaru7 oVYnntKqn4FOzKeMmT016B6kOZm0pVvbUhYUKOrhwkr2WGadXXsPP3HqGVvBkGow/0ym +0AJS8PGImfJRiifWsXaGsQwoordLx2D+mXYYAjAQOf2RmudC4ZZNqGJDaC4HONLbfDb yYu+GK/VTYSsIAg7Lb/uHRxvi7PDs24bSqff3gyfcxyHu8wmqAC9xlfu/PVysf1i/8cU XML8UATGEbe4eBaYwlgkmnkA+3UBtiY6z4x8JDiyYCuugmoxOTqLenwIjTWUYy3wCex+ WPvg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v9si5519463edr.417.2020.06.20.01.43.14; Sat, 20 Jun 2020 01:43:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727826AbgFTIlX (ORCPT + 99 others); Sat, 20 Jun 2020 04:41:23 -0400 Received: from szxga07-in.huawei.com ([45.249.212.35]:39190 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726838AbgFTIlW (ORCPT ); Sat, 20 Jun 2020 04:41:22 -0400 Received: from DGGEMS410-HUB.china.huawei.com (unknown [172.30.72.59]) by Forcepoint Email with ESMTP id 71E1C5320015253F93A7; Sat, 20 Jun 2020 16:41:15 +0800 (CST) Received: from huawei.com (10.90.53.225) by DGGEMS410-HUB.china.huawei.com (10.3.19.210) with Microsoft SMTP Server id 14.3.487.0; Sat, 20 Jun 2020 16:41:05 +0800 From: Zheng Bin To: , , , , , CC: , Subject: [PATCH v2] nbd: Fix memory leak in nbd_add_socket Date: Sat, 20 Jun 2020 16:48:09 +0800 Message-ID: <20200620084809.126398-1-zhengbin13@huawei.com> X-Mailer: git-send-email 2.26.0.106.g9fadedd MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.90.53.225] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If we add first socket to nbd, config->socks is malloced but num_connections does not update(nsock's allocation fail), the memory is leaked. Cause in later nbd_config_put(), will only free config->socks when num_connections is not 0. Let nsock's allocation first to avoid this. Fixes: 03bf73c315ed ("nbd: prevent memory leak") Signed-off-by: Zheng Bin --- v1->v2: modify comments drivers/block/nbd.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index 43cff01a5a67..3e7709317b17 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -1037,21 +1037,22 @@ static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg, return -EBUSY; } + nsock = kzalloc(sizeof(struct nbd_sock), GFP_KERNEL); + if (!nsock) { + sockfd_put(sock); + return -ENOMEM; + } + socks = krealloc(config->socks, (config->num_connections + 1) * sizeof(struct nbd_sock *), GFP_KERNEL); if (!socks) { sockfd_put(sock); + kfree(nsock); return -ENOMEM; } config->socks = socks; - nsock = kzalloc(sizeof(struct nbd_sock), GFP_KERNEL); - if (!nsock) { - sockfd_put(sock); - return -ENOMEM; - } - nsock->fallback_index = -1; nsock->dead = false; mutex_init(&nsock->tx_lock); -- 2.26.0.106.g9fadedd