From nobody Mon Apr 6 11:52:05 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18446C433F5 for ; Fri, 30 Sep 2022 06:30:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230251AbiI3GaJ (ORCPT ); Fri, 30 Sep 2022 02:30:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54576 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230091AbiI3GaH (ORCPT ); Fri, 30 Sep 2022 02:30:07 -0400 Received: from mail-m975.mail.163.com (mail-m975.mail.163.com [123.126.97.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D0CA42D1D8; Thu, 29 Sep 2022 23:29:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=TeC9G wZOg9/n2xD1WVfGuCZoPfKYMRWZ2un6aSADwLY=; b=T5B8wTcUH2T9lpmd4DtsY xbwZWA5gAysDiN99ay9JZfXLrzI2IAtq02ZtA6/D3aXbu3vMcK8mJ7/DCeI0XHDN aMhgeMjv6NaCDm5i5UGLFp+z4rPN3Ytt6xJpmbFVxcyt7Ri7q/sj2KpaS9ZSVpOH b1WG+x3kcpgXuTQbACMc4w= Received: from localhost.localdomain (unknown [36.112.3.106]) by smtp5 (Coremail) with SMTP id HdxpCgAXcgicjDZjHxHXgQ--.36896S4; Fri, 30 Sep 2022 14:29:03 +0800 (CST) From: Jianglei Nie To: aelior@marvell.com, skalluru@marvell.com, manishc@marvell.com, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jianglei Nie Subject: [PATCH] bnx2x: fix potential memory leak in bnx2x_tpa_stop() Date: Fri, 30 Sep 2022 14:28:43 +0800 Message-Id: <20220930062843.5654-1-niejianglei2021@163.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: HdxpCgAXcgicjDZjHxHXgQ--.36896S4 X-Coremail-Antispam: 1Uf129KBjvJXoWrKF13CF1rWw17Gry3WF1rZwb_yoW8Jr1kp3 yqqFyDAr18trsYka1DJ3W8Zr98Z3y5t34j9ay3Z3yF93y5tr4UJrsrKay29ryDJrWrKr12 vr45Z3sxXa4qvw7anT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x0ziCPfPUUUUU= X-Originating-IP: [36.112.3.106] X-CM-SenderInfo: xqlhyxxdqjzvrlsqjii6rwjhhfrp/1tbiWw+MjGI0Wa2DewAAsO Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" bnx2x_tpa_stop() allocates a memory chunk from new_data with bnx2x_frag_alloc(). The new_data should be freed when gets some error. But when "pad + len > fp->rx_buf_size" is true, bnx2x_tpa_stop() returns without releasing the new_data, which will lead to a memory leak. We should free the new_data with bnx2x_frag_free() when "pad + len > fp->rx_buf_size" is true. Fixes: 07b0f00964def8af9321cfd6c4a7e84f6362f728 ("bnx2x: fix possible panic under memory stress") Signed-off-by: Jianglei Nie --- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/= ethernet/broadcom/bnx2x/bnx2x_cmn.c index 712b5595bc39..24bfc65e28e1 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c @@ -789,6 +789,7 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx= 2x_fastpath *fp, BNX2X_ERR("skb_put is about to fail... pad %d len %d rx_buf_size %d\= n", pad, len, fp->rx_buf_size); bnx2x_panic(); + bnx2x_frag_free(fp, new_data); return; } #endif --=20 2.25.1