Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1632441pxj; Sun, 9 May 2021 00:19:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz31q5ADk3PyJWMrELlm+P3X0hWZ0ItuDTLv1Y4KOW6tdyviOLEd0R86zK2IV6ipfdfXuLX X-Received: by 2002:aa7:c2d2:: with SMTP id m18mr21670301edp.96.1620544752496; Sun, 09 May 2021 00:19:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620544752; cv=none; d=google.com; s=arc-20160816; b=CjR1Q97qqwPrGogKERr3KZIdUDUVOWwZTfWLeYXbH0+lY9LWYDThIWMoNhiHaeeGqW Nxas5hVoCdXOCVxyYer4Ak6v0skIh1EzEKtduTERCDmoSISUbh2/ET5MU28gqQ8zl+ax i6h+P2lMzXzBgYj2C3LXSwueoOtn4Q2YvBAUpjKeWbMmaGgsdYooLeuMXkm28qMr480V pEjvgXfYXCfbLx9c1AtWQ+PJRoBqubTinptIaqsYgjN5/zT7xvacuFa373TgsJM9J1vw +ouo2OzLWkH2KSJJTgFO4cKULhCxNbxf7cE0bLSpumQTfb5+r4lcNcQ/AIUVYfbIam1C NNQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=bOuOO2lmm14sC+R7EuXYmZhDtXIWWGmM2FDcqjBriO0=; b=x4DtlbDmQwdivCUHPd6yLwU7j2prDX73BgD3IB6ph67HQrEPs9tNnHTNMD8KGbRPEp +xo6qY9eDGp7gt6RHVCSoEoi2JRDVeShtwSZoLKTaj+yjl2gZsNqHzB2pJQncv+R1dRy DKJFohHAIBtUMm2CzIFplhlvo/9XgbN+p6pgunJm/YXPiZfm7k0iIIxWBNCiIxON8jYH gXhi44KvFTmsqIgDszLFcBPMpRNH4VWTC2zP3iRuYsOXkYCzffYr/omHPnCBYR5QrnO6 FqIQ5Ej1lSYCYip1AiZXRgpl4zfLXVRgclg1bi/yigrw+ahX1CuKC9ySlYSDTVbQkC5G ep6g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x11si10011195ejv.267.2021.05.09.00.18.23; Sun, 09 May 2021 00:19:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229660AbhEIHOS (ORCPT + 99 others); Sun, 9 May 2021 03:14:18 -0400 Received: from smtp06.smtpout.orange.fr ([80.12.242.128]:34842 "EHLO smtp.smtpout.orange.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229619AbhEIHOQ (ORCPT ); Sun, 9 May 2021 03:14:16 -0400 Received: from localhost.localdomain ([86.243.172.93]) by mwinf5d86 with ME id 2XD52500321Fzsu03XD5xo; Sun, 09 May 2021 09:13:06 +0200 X-ME-Helo: localhost.localdomain X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI= X-ME-Date: Sun, 09 May 2021 09:13:06 +0200 X-ME-IP: 86.243.172.93 From: Christophe JAILLET To: kys@microsoft.com, haiyangz@microsoft.com, sthemmin@microsoft.com, wei.liu@kernel.org, decui@microsoft.com, gregkh@linuxfoundation.org Cc: linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, Christophe JAILLET Subject: [PATCH 1/2] uio_hv_generic: Fix a memory leak in error handling paths Date: Sun, 9 May 2021 09:13:03 +0200 Message-Id: <4fdaff557deef6f0475d02ba7922ddbaa1ab08a6.1620544055.git.christophe.jaillet@wanadoo.fr> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be updated and 'hv_uio_cleanup()' in the error handling path will not be able to free the corresponding buffer. In such a case, we need to free the buffer explicitly. Fixes: cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first use") Signed-off-by: Christophe JAILLET --- Before commit cdfa835c6e5e, the 'vfree' were done unconditionally in 'hv_uio_cleanup()'. So, another way for fixing the potential leak is to modify 'hv_uio_cleanup()' and revert to the previous behavior. I don't know the underlying reason for this change so I don't know which is the best way to fix this error handling path. Unless there is a specific reason, changing 'hv_uio_cleanup()' could be better because it would keep the error handling path of the probe cleaner, IMHO. --- drivers/uio/uio_hv_generic.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index 0330ba99730e..eebc399f2cc7 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -296,8 +296,10 @@ hv_uio_probe(struct hv_device *dev, ret = vmbus_establish_gpadl(channel, pdata->recv_buf, RECV_BUFFER_SIZE, &pdata->recv_gpadl); - if (ret) + if (ret) { + vfree(pdata->recv_buf); goto fail_close; + } /* put Global Physical Address Label in name */ snprintf(pdata->recv_name, sizeof(pdata->recv_name), @@ -316,8 +318,10 @@ hv_uio_probe(struct hv_device *dev, ret = vmbus_establish_gpadl(channel, pdata->send_buf, SEND_BUFFER_SIZE, &pdata->send_gpadl); - if (ret) + if (ret) { + vfree(pdata->send_buf); goto fail_close; + } snprintf(pdata->send_name, sizeof(pdata->send_name), "send:%u", pdata->send_gpadl); -- 2.30.2