[PATCH] dpaa2 ethernet switch driver: Fix memory leak in dpaa2_switch_acl_entry_add()

Q1IQ posted 1 patch 4 years, 3 months ago
drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] dpaa2 ethernet switch driver: Fix memory leak in dpaa2_switch_acl_entry_add()
Posted by Q1IQ 4 years, 3 months ago
[why]
The error handling branch did not properly free the memory of cmd_buf
before return, which would cause memory leak.

[how]
Fix this by adding kfree to the error handling branch.

Signed-off-by: Q1IQ <fufuyqqqqqq@gmail.com>
---
 drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
index cacd454ac696..4d07aee07f4c 100644
--- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
+++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
@@ -132,6 +132,7 @@ int dpaa2_switch_acl_entry_add(struct dpaa2_switch_filter_block *filter_block,
 						 DMA_TO_DEVICE);
 	if (unlikely(dma_mapping_error(dev, acl_entry_cfg->key_iova))) {
 		dev_err(dev, "DMA mapping failed\n");
+		kfree(cmd_buff);
 		return -EFAULT;
 	}
 
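Review bot: this kfree(cmd_buff) in the dma_mapping_error() branch is the first of two identical cleanup lines the patch adds, one per early return, so any error branch added to this function later has to remember the same call or the leak comes back. A single exit label that frees cmd_buff, reached with goto from each failure branch, would keep the release in one place.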
@@ -142,6 +143,7 @@ int dpaa2_switch_acl_entry_add(struct dpaa2_switch_filter_block *filter_block,
 			 DMA_TO_DEVICE);
 	if (err) {
 		dev_err(dev, "dpsw_acl_add_entry() failed %d\n", err);
+		kfree(cmd_buff);
 		return err;
 	}
 
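Review bot: the kfree(cmd_buff) inside the `if (err)` branch could instead sit directly after dma_unmap_single(), above the error check. The unmap already runs unconditionally at that point, so freeing the buffer on the next line releases it on every return that follows and keeps the two halves of the buffer teardown together.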
-- 
2.30.1 (Apple Git-130)
Re: [PATCH] dpaa2 ethernet switch driver: Fix memory leak in dpaa2_switch_acl_entry_add()
Posted by Denis Kirjanov 4 years, 3 months ago

3/1/22 12:34, Q1IQ wrote:
> [why]
> The error handling branch did not properly free the memory of cmd_buf
> before return, which would cause memory leak.
> 
> [how]
> Fix this by adding kfree to the error handling branch.
> 
> Signed-off-by: Q1IQ <fufuyqqqqqq@gmail.com>

You should use your real name, and please add a Fixes tag.

> ---
>   drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
> index cacd454ac696..4d07aee07f4c 100644
> --- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
> +++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
> @@ -132,6 +132,7 @@ int dpaa2_switch_acl_entry_add(struct dpaa2_switch_filter_block *filter_block,
>   						 DMA_TO_DEVICE);
>   	if (unlikely(dma_mapping_error(dev, acl_entry_cfg->key_iova))) {
>   		dev_err(dev, "DMA mapping failed\n");
> +		kfree(cmd_buff);
>   		return -EFAULT;
>   	}
>   
> @@ -142,6 +143,7 @@ int dpaa2_switch_acl_entry_add(struct dpaa2_switch_filter_block *filter_block,
>   			 DMA_TO_DEVICE);
>   	if (err) {
>   		dev_err(dev, "dpsw_acl_add_entry() failed %d\n", err);
> +		kfree(cmd_buff);
>   		return err;
>   	}
>   
[PATCH v1] dpaa2-switch: fix memory leak of dpaa2_switch_acl_entry_add
Posted by Yeqi Fu 4 years, 3 months ago
The error handling branch did not properly free the memory of cmd_buf
before return, which would cause memory leak. So fix this by adding
kfree to the error handling branch.

Fixes: 1110318d83e8 ("dpaa2-switch: add tc flower hardware offload on ingress traffic")
Signed-off-by: Yeqi Fu <fufuyqqqqqq@gmail.com>
Signed-off-by: Yongzhi Liu <lyz_cs@pku.edu.cn>
---
 drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
index cacd454ac696..4d07aee07f4c 100644
--- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
+++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
@@ -132,6 +132,7 @@ int dpaa2_switch_acl_entry_add(struct dpaa2_switch_filter_block *filter_block,
 						 DMA_TO_DEVICE);
 	if (unlikely(dma_mapping_error(dev, acl_entry_cfg->key_iova))) {
 		dev_err(dev, "DMA mapping failed\n");
+		kfree(cmd_buff);
 		return -EFAULT;
 	}
 
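Review bot: the dma_mapping_error() branch touched here returns -EFAULT, an errno that conventionally reports a bad user-space address; -ENOMEM is the more usual return for a failed DMA mapping. The return value is context that this patch does not change, so it is a candidate for a separate follow-up rather than something to fold into the leak fix.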
@@ -142,6 +143,7 @@ int dpaa2_switch_acl_entry_add(struct dpaa2_switch_filter_block *filter_block,
 			 DMA_TO_DEVICE);
 	if (err) {
 		dev_err(dev, "dpsw_acl_add_entry() failed %d\n", err);
+		kfree(cmd_buff);
 		return err;
 	}
 
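Review bot: the commit message names the buffer `cmd_buf`, while the line added in this `if (err)` branch (and in the first hunk) frees `cmd_buff`; spelling the identifier as the code does keeps the commit findable by grep. Both hunks are also identical to the first posting (same index line, cacd454ac696..4d07aee07f4c), so a short changelog under the `---` line saying what changed between postings (author name, Fixes: tag) would help reviewers.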
-- 
2.30.1 (Apple Git-130)
Re: [PATCH v1] dpaa2-switch: fix memory leak of dpaa2_switch_acl_entry_add
Posted by Ioana Ciornei 4 years, 3 months ago
On Tue, Mar 01, 2022 at 10:15:44PM +0800, Yeqi Fu wrote:
> The error handling branch did not properly free the memory of cmd_buf
> before return, which would cause memory leak. So fix this by adding
> kfree to the error handling branch.
> 
> Fixes: 1110318d83e8 ("dpaa2-switch: add tc flower hardware offload on ingress traffic")
> Signed-off-by: Yeqi Fu <fufuyqqqqqq@gmail.com>
> Signed-off-by: Yongzhi Liu <lyz_cs@pku.edu.cn>

Reviewed-by: Ioana Ciornei <ioana.ciornei@nxp.com>

Just as a note, this should have been [PATCH v2] and not v1.

Ioana
Re: [PATCH v1] dpaa2-switch: fix memory leak of dpaa2_switch_acl_entry_add
Posted by Jakub Kicinski 4 years, 3 months ago
On Tue,  1 Mar 2022 22:15:44 +0800 Yeqi Fu wrote:
> @@ -142,6 +143,7 @@ int dpaa2_switch_acl_entry_add(struct dpaa2_switch_filter_block *filter_block,
>  			 DMA_TO_DEVICE);
>  	if (err) {
>  		dev_err(dev, "dpsw_acl_add_entry() failed %d\n", err);
> +		kfree(cmd_buff);
>  		return err;
>  	}

With more context:

                return -EFAULT;
        }
 
        err = dpsw_acl_add_entry(ethsw->mc_io, 0, ethsw->dpsw_handle,
                                 filter_block->acl_id, acl_entry_cfg);
 
        dma_unmap_single(dev, acl_entry_cfg->key_iova, sizeof(cmd_buff),
                         DMA_TO_DEVICE);
        if (err) {
                dev_err(dev, "dpsw_acl_add_entry() failed %d\n", err);
+               kfree(cmd_buff);
                return err;
        }
 
        kfree(cmd_buff);
 
        return 0;
 }
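
Review bot: in this wider context, dma_unmap_single() is passed sizeof(cmd_buff) as its length. cmd_buff is handed to kfree(), so it appears to be a pointer, and sizeof of a pointer is the pointer width rather than the size of the buffer it points to. The unmap length should match the length given to the corresponding dma_map_single() call, which is not visible in this excerpt; worth checking separately from the leak fix.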

Here we see unmap is "pulled up" above the error check, same thing can
be done with the kfree(). Otherwise it looks slightly weird - the
buffer unmap and kfree are conceptually part of releasing the buffer,
yet they are split across the paths.
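
The layout suggested in the last message, as an added user-space model in C (not code from the thread or from the driver). The helpers buf_alloc(), buf_free(), map_buf() and unmap_buf() and the 256-byte size are hypothetical stand-ins for the kernel allocation, dma_map_single(), dma_unmap_single() and kfree() calls; counters make the leak observable.

```c
/* Added illustration: user-space model with hypothetical names, not driver code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

static int live_bufs, live_maps;   /* outstanding buffers and DMA mappings */

static void *buf_alloc(size_t n) { void *p = calloc(1, n); live_bufs += (p != NULL); return p; }
static void buf_free(void *p)    { live_bufs -= (p != NULL); free(p); }
static bool map_buf(bool fail)   { live_maps += !fail; return !fail; }
static void unmap_buf(void)      { live_maps--; }

/* Behaviour before the patch: both error returns skip the free. */
static int entry_add_leaky(bool map_fails, int hw_err)
{
	void *cmd_buff = buf_alloc(256);            /* constructed size */
	if (!cmd_buff) return -ENOMEM;
	if (!map_buf(map_fails)) return -EFAULT;    /* cmd_buff leaked */
	unmap_buf();
	if (hw_err) return hw_err;                  /* cmd_buff leaked */
	buf_free(cmd_buff);
	return 0;
}

/* Reviewer's layout: free right after the unmap, above the error check. */
static int entry_add_paired(bool map_fails, int hw_err)
{
	void *cmd_buff = buf_alloc(256);
	if (!cmd_buff) return -ENOMEM;
	if (!map_buf(map_fails)) { buf_free(cmd_buff); return -EFAULT; }
	unmap_buf();
	buf_free(cmd_buff);                         /* one release for success and failure */
	return hw_err;
}

/* Runs one call and reports how many buffers it left allocated. */
static int leaked_by(int (*fn)(bool, int), bool map_fails, int hw_err)
{
	int before = live_bufs;
	(void)fn(map_fails, hw_err);
	return live_bufs - before;
}

int main(void)
{
	printf("hardware error: leaky leaks %d, paired leaks %d\n", leaked_by(entry_add_leaky, false, -EIO), leaked_by(entry_add_paired, false, -EIO));
	return 0;
}
```

The mapping-failure branch still needs its own free in the paired layout, because nothing has been mapped yet and the unmap line is never reached.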