Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3512461pxf; Mon, 15 Mar 2021 11:11:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwFoygptgM5g3r069sSZSz05KN5jMDTTf57ksS2tpSR/bUHyqG+h3Icgw9QCFU+TM0RAqRy X-Received: by 2002:a17:906:c099:: with SMTP id f25mr25623288ejz.141.1615831866875; Mon, 15 Mar 2021 11:11:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1615831866; cv=none; d=google.com; s=arc-20160816; b=jdSHcEf6oCPG/s8WYNr4nhaPiPLq7mbFKWZW3DCNJkMmJ2wTh99QDMksCxWQG8L091 iLB0RJeSgO7n53odeD8Mhh8qLe4umOJXGYrpgUj2P+s5+c2IPQnpVG/40Ig0/NueQhq2 b+3EYzfnroE7VkOXkcFYrv7SFIp/qq3mVeOuap/z3ywSgQqdqgI3r920IjuibIDU7eTL ZHe/SjwQkLiHLHIxNG+YYASXRfHfRCKjzip8C0ozrvJHyKwPwRtCFQJnMTCtJ9Uo1Ggj WZghbzdDHs8NWa1bYmY08o7r4eCccZMbKnbg4ThFy5ry7u5La1/ZvGt3BRh9x7DS/bXW Omdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=uSBvIispQRObuxu0b9Uvcxefwc9YWlRSlh97jofuUb4=; b=ODvhfF3pg4WoHfAFQXHhBltNBNmmdfyKEdFKgnV1UPaGD2UUUijVD8a6HAK2E71SVY UcDVk1OGIJftYoa8ScSohEvj+U5NkECl9cRPJ+5BNP7i9G9dsAaN9NDPhYd9IwDXubq5 o2q7YkHmipvJh1206mbTRghSDTd4iftubTnztE9NveqT5tsntAWOJwB9+XGqGHeMwODK ok/VY+byH/S9qxpsdy9qp4FXldcaVSogs0awyYi71994G9GP7H5zZYej23Rnga3I0FZo E/xsjItK9CQcRws+jV9A4/MTiqu4FcXc/LO7nedENenp+AU9X1nT55scrYOK74HNlzjt Zpjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=X7HR8dyf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 24si12148927edv.533.2021.03.15.11.10.39; Mon, 15 Mar 2021 11:11:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=X7HR8dyf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235506AbhCOOKz (ORCPT + 99 others); Mon, 15 Mar 2021 10:10:55 -0400 Received: from mail.kernel.org ([198.145.29.99]:37476 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232257AbhCON6Q (ORCPT ); Mon, 15 Mar 2021 09:58:16 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id DE2BB64F07; Mon, 15 Mar 2021 13:58:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1615816696; bh=MM8h9pSZ/19i18U1Dbp8uKWmfV4/joyYNuc/4IEtrYw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=X7HR8dyf+Wmyw5qVV1z2sRgALsP+qNC3mnAPR3a7WYgyUULLbJX2LiAS9/HCgwXVJ 1qM0KHprdKfVx09B4WbBfZxQ8eLIEuPK+40txVCHbCqeLCoHV6zydP4juoZdG+oIhH AFuqR+Kzos8opx1UE/s4/NCna9EYe16un5Ow/UKM= From: gregkh@linuxfoundation.org To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Julian Wiedmann , Alexandra Winter , "David S. Miller" Subject: [PATCH 5.10 061/290] s390/qeth: fix memory leak after failed TX Buffer allocation Date: Mon, 15 Mar 2021 14:52:34 +0100 Message-Id: <20210315135543.979604801@linuxfoundation.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210315135541.921894249@linuxfoundation.org> References: <20210315135541.921894249@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Greg Kroah-Hartman From: Julian Wiedmann commit e7a36d27f6b9f389e41d8189a8a08919c6835732 upstream. When qeth_alloc_qdio_queues() fails to allocate one of the buffers that back an Output Queue, the 'out_freeoutqbufs' path will free all previously allocated buffers for this queue. But it misses to free the half-finished queue struct itself. Move the buffer allocation into qeth_alloc_output_queue(), and deal with such errors internally. Fixes: 0da9581ddb0f ("qeth: exploit asynchronous delivery of storage blocks") Signed-off-by: Julian Wiedmann Reviewed-by: Alexandra Winter Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/s390/net/qeth_core_main.c | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) --- a/drivers/s390/net/qeth_core_main.c +++ b/drivers/s390/net/qeth_core_main.c @@ -2632,15 +2632,28 @@ static void qeth_free_output_queue(struc static struct qeth_qdio_out_q *qeth_alloc_output_queue(void) { struct qeth_qdio_out_q *q = kzalloc(sizeof(*q), GFP_KERNEL); + unsigned int i; if (!q) return NULL; - if (qdio_alloc_buffers(q->qdio_bufs, QDIO_MAX_BUFFERS_PER_Q)) { - kfree(q); - return NULL; + if (qdio_alloc_buffers(q->qdio_bufs, QDIO_MAX_BUFFERS_PER_Q)) + goto err_qdio_bufs; + + for (i = 0; i < QDIO_MAX_BUFFERS_PER_Q; i++) { + if (qeth_init_qdio_out_buf(q, i)) + goto err_out_bufs; } + return q; + +err_out_bufs: + while (i > 0) + kmem_cache_free(qeth_qdio_outbuf_cache, q->bufs[--i]); + qdio_free_buffers(q->qdio_bufs, QDIO_MAX_BUFFERS_PER_Q); +err_qdio_bufs: + kfree(q); + return NULL; } static void qeth_tx_completion_timer(struct timer_list *timer) @@ -2653,7 +2666,7 @@ static void qeth_tx_completion_timer(str static int qeth_alloc_qdio_queues(struct qeth_card *card) { - int i, j; + unsigned int i; QETH_CARD_TEXT(card, 2, "allcqdbf"); @@ -2687,13 +2700,6 @@ static int qeth_alloc_qdio_queues(struct queue->coalesce_usecs = QETH_TX_COALESCE_USECS; queue->max_coalesced_frames = QETH_TX_MAX_COALESCED_FRAMES; queue->priority = QETH_QIB_PQUE_PRIO_DEFAULT; - - /* give outbound qeth_qdio_buffers their qdio_buffers */ - for (j = 0; j < QDIO_MAX_BUFFERS_PER_Q; ++j) { - WARN_ON(queue->bufs[j]); - if (qeth_init_qdio_out_buf(queue, j)) - goto out_freeoutqbufs; - } } /* completion */ @@ -2702,13 +2708,6 @@ static int qeth_alloc_qdio_queues(struct return 0; -out_freeoutqbufs: - while (j > 0) { - --j; - kmem_cache_free(qeth_qdio_outbuf_cache, - card->qdio.out_qs[i]->bufs[j]); - card->qdio.out_qs[i]->bufs[j] = NULL; - } out_freeoutq: while (i > 0) { qeth_free_output_queue(card->qdio.out_qs[--i]);