[PATCH] um: vector: Fix memory leak in vector_config

Miaoqian Lin posted 1 patch 2 years, 8 months ago
There is a newer version of this series
arch/um/drivers/vector_kern.c | 1 +
1 file changed, 1 insertion(+)
Posted by Miaoqian Lin 2 years, 8 months ago
kstrdup() returns a newly allocated copy of the string.
Call kfree() to release the memory after use.

Fixes: 49da7e64f33e ("High Performance UML Vector Network Driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
---
 arch/um/drivers/vector_kern.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/um/drivers/vector_kern.c b/arch/um/drivers/vector_kern.c
index ded7c47d2fbe..78f32005dd90 100644
--- a/arch/um/drivers/vector_kern.c
+++ b/arch/um/drivers/vector_kern.c
@@ -765,6 +765,7 @@ static int vector_config(char *str, char **error_out)
 
 	parsed = uml_parse_vector_ifspec(params);
 
+	kfree(params);
 	if (parsed == NULL) {
 		*error_out = "vector_config failed to parse parameters";
 		return -EINVAL;
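
Review bot: the added kfree(params) sits before the "if (parsed == NULL)" check, so it runs on the success path as well, right after parsed was built from params by uml_parse_vector_ifspec(params). If parsed keeps pointers into that string, as the replies in this thread point out, every later use of parsed reads freed memory. Move the kfree(params) inside the "if (parsed == NULL)" branch, ahead of the "return -EINVAL", and have the commit message state who owns params when parsing succeeds.
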
-- 
2.25.1
Re: [PATCH] um: vector: Fix memory leak in vector_config
Posted by Geert Uytterhoeven 2 years, 8 months ago
Hi Miaoqian,

On Thu, Dec 29, 2022 at 8:53 AM Miaoqian Lin <linmq006@gmail.com> wrote:
> kstrdup() return newly allocated copy of the string.
> Call kfree() to release the memory when after use.
>
> Fixes: 49da7e64f33e ("High Performance UML Vector Network Driver")
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>

Thanks for your patch!

> --- a/arch/um/drivers/vector_kern.c
> +++ b/arch/um/drivers/vector_kern.c
> @@ -765,6 +765,7 @@ static int vector_config(char *str, char **error_out)
>
>         parsed = uml_parse_vector_ifspec(params);
>
> +       kfree(params);

Are you sure the memory pointed to by "params" is no longer used?
"parsed" seems to contain pointers pointing to (parts of) the string
pointed to by "params", so it cannot be freed.

>         if (parsed == NULL) {
>                 *error_out = "vector_config failed to parse parameters";
>                 return -EINVAL;

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
Re: [PATCH] um: vector: Fix memory leak in vector_config
Posted by Anton Ivanov 2 years, 8 months ago
On 03/01/2023 08:00, Geert Uytterhoeven wrote:
> Hi Miaoqian,
>
> On Thu, Dec 29, 2022 at 8:53 AM Miaoqian Lin <linmq006@gmail.com> wrote:
>> kstrdup() return newly allocated copy of the string.
>> Call kfree() to release the memory when after use.
>>
>> Fixes: 49da7e64f33e ("High Performance UML Vector Network Driver")
>> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> Thanks for your patch!
>
>> --- a/arch/um/drivers/vector_kern.c
>> +++ b/arch/um/drivers/vector_kern.c
>> @@ -765,6 +765,7 @@ static int vector_config(char *str, char **error_out)
>>
>>          parsed = uml_parse_vector_ifspec(params);
>>
>> +       kfree(params);
> Are you sure the memory pointed to by "params" is no longer used?
> "parsed" seems to contain pointers pointing to (parts of) the string
> pointed to by "params", so it cannot be freed.

+1.

I was just about to send the same comment.

>
>>          if (parsed == NULL) {
>>                  *error_out = "vector_config failed to parse parameters";
>>                  return -EINVAL;
> Gr{oetje,eeting}s,
>
>                          Geert
>
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
>
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                  -- Linus Torvalds
>
-- 
Anton R. Ivanov
Cambridgegreys Limited. Registered in England. Company Number 10273661
https://www.cambridgegreys.com/
Re: [PATCH] um: vector: Fix memory leak in vector_config
Posted by Miaoqian Lin 2 years, 8 months ago
On 2023/1/3 18:28, Anton Ivanov wrote:
>
> On 03/01/2023 08:00, Geert Uytterhoeven wrote:
>> Hi Miaoqian,
>>
>> On Thu, Dec 29, 2022 at 8:53 AM Miaoqian Lin <linmq006@gmail.com> wrote:
>>> kstrdup() return newly allocated copy of the string.
>>> Call kfree() to release the memory when after use.
>>>
>>> Fixes: 49da7e64f33e ("High Performance UML Vector Network Driver")
>>> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
>> Thanks for your patch!
>>
>>> --- a/arch/um/drivers/vector_kern.c
>>> +++ b/arch/um/drivers/vector_kern.c
>>> @@ -765,6 +765,7 @@ static int vector_config(char *str, char **error_out)
>>>
>>>          parsed = uml_parse_vector_ifspec(params);
>>>
>>> +       kfree(params);
>> Are you sure the memory pointed to by "params" is no longer used?
>> "parsed" seems to contain pointers pointing to (parts of) the string
>> pointed to by "params", so it cannot be freed.
>
> +1.
>
> I was just about to send the same comment.
>
Oh yes, thanks for spotting this. We should only perform release when uml_parse_vector_ifspec() fails (returns NULL). In this situation, 'params' is no longer used. Do you agree?

Thanks,

>>
>>>          if (parsed == NULL) {
>>>                  *error_out = "vector_config failed to parse parameters";
>>>                  return -EINVAL;
>> Gr{oetje,eeting}s,
>>
>>                          Geert
>>
>> -- 
>> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
>>
>> In personal conversations with technical people, I call myself a hacker. But
>> when I'm talking to journalists I just say "programmer" or something like that.
>>                                  -- Linus Torvalds
>>
Re: [PATCH] um: vector: Fix memory leak in vector_config
Posted by Geert Uytterhoeven 2 years, 8 months ago
Hi Miaoqian,

On Tue, Jan 3, 2023 at 1:17 PM Miaoqian Lin <linmq006@gmail.com> wrote:
> On 2023/1/3 18:28, Anton Ivanov wrote:
> > On 03/01/2023 08:00, Geert Uytterhoeven wrote:
> >> On Thu, Dec 29, 2022 at 8:53 AM Miaoqian Lin <linmq006@gmail.com> wrote:
> >>> kstrdup() return newly allocated copy of the string.
> >>> Call kfree() to release the memory when after use.
> >>>
> >>> Fixes: 49da7e64f33e ("High Performance UML Vector Network Driver")
> >>> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> >> Thanks for your patch!
> >>
> >>> --- a/arch/um/drivers/vector_kern.c
> >>> +++ b/arch/um/drivers/vector_kern.c
> >>> @@ -765,6 +765,7 @@ static int vector_config(char *str, char **error_out)
> >>>
> >>>          parsed = uml_parse_vector_ifspec(params);
> >>>
> >>> +       kfree(params);
> >> Are you sure the memory pointed to by "params" is no longer used?
> >> "parsed" seems to contain pointers pointing to (parts of) the string
> >> pointed to by "params", so it cannot be freed.
> >
> > +1.
> >
> > I was just about to send the same comment.
> >
> Oh yes, thanks for spotting this. We should only perform release when uml_parse_vector_ifspec() fails (returns NULL). In this situation, 'params' is no longer used. Do you agree?

Yes, that sounds fine to me.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
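
The ownership rule agreed in this thread, sketched in userspace C as an added example (not code from the patch or from the kernel). The names `struct arglist`, `parse_ifspec()`, `config_from()` and `arglist_free()` are hypothetical and model a parser whose result keeps pointers into the duplicated string; malloc()/free() stand in for kstrdup()/kfree().

```c
#include <stdlib.h>
#include <string.h>

#define MAX_ARGS 8
/* Hypothetical parse result: keys/values point INTO the parsed buffer. */
struct arglist {
    int count;
    char *keys[MAX_ARGS], *values[MAX_ARGS];
    char *backing;   /* heap copy the pointers alias; owned by the result */
};

/* Splits "key=value,key=value" in place; returns NULL on malformed input. */
static struct arglist *parse_ifspec(char *buf)
{
    struct arglist *al = calloc(1, sizeof(*al));
    char *next, *eq;
    for (; al && buf && *buf; buf = next) {
        if ((next = strchr(buf, ',')))
            *next++ = '\0';
        if (!(eq = strchr(buf, '=')) || al->count == MAX_ARGS) {
            free(al);
            return NULL;
        }
        *eq = '\0';
        al->keys[al->count] = buf;          /* alias into buf, no copy */
        al->values[al->count++] = eq + 1;   /* alias into buf, no copy */
    }
    return al;
}

/* Frees the copy only when parsing fails; on success the result owns it. */
static struct arglist *config_from(const char *str)
{
    char *params = malloc(strlen(str) + 1);
    struct arglist *parsed = params ? parse_ifspec(strcpy(params, str)) : NULL;
    if (!parsed) {
        free(params);   /* no result exists, so nothing aliases the copy */
        return NULL;
    }
    parsed->backing = params;   /* freeing here would leave dangling pointers */
    return parsed;
}

/* Single release point for the result and the string it points into. */
static void arglist_free(struct arglist *al)
{
    free(al ? al->backing : NULL);
    free(al);
}
```

Recording the copy in the result gives the success path one owner, so the string is released exactly when the pointers into it stop being used.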