1. Patchew
  2. linux
  3. View series

[PATCH net] qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()

Abdun Nihaal posted 1 patch 9 months ago
There is a newer version of this series
drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
[PATCH net] qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
Posted by Abdun Nihaal 9 months ago 
In one of the error paths in qlcnic_sriov_channel_cfg_cmd(), the memory
allocated in qlcnic_sriov_alloc_bc_mbx_args() for mailbox arguments is
not freed. Fix that by jumping to the error path that frees them, by
calling qlcnic_free_mbx_args().

Fixes: f197a7aa6288 ("qlcnic: VF-PF communication channel implementation")
Signed-off-by: Abdun Nihaal <abdun.nihaal@gmail.com>
---
 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c
index 28d24d59efb8..d57b976b9040 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c
@@ -1484,8 +1484,11 @@ static int qlcnic_sriov_channel_cfg_cmd(struct qlcnic_adapter *adapter, u8 cmd_o
 	}
 
 	cmd_op = (cmd.rsp.arg[0] & 0xff);
-	if (cmd.rsp.arg[0] >> 25 == 2)
-		return 2;
+	if (cmd.rsp.arg[0] >> 25 == 2) {
+		ret = 2;
+		goto out;
+	}
+
 	if (cmd_op == QLCNIC_BC_CMD_CHANNEL_INIT)
 		set_bit(QLC_BC_VF_STATE, &vf->state);
 	else
-- 
2.47.2
Re: [PATCH net] qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
Posted by Simon Horman 9 months ago 
On Wed, May 07, 2025 at 08:51:00PM +0530, Abdun Nihaal wrote:
> In one of the error paths in qlcnic_sriov_channel_cfg_cmd(), the memory
> allocated in qlcnic_sriov_alloc_bc_mbx_args() for mailbox arguments is
> not freed. Fix that by jumping to the error path that frees them, by
> calling qlcnic_free_mbx_args().

Thanks, I agree with your analysis.

But I think it would be nice to include some text regarding
how you found the bug, e.g. by inspection, using static analysis,
via a crash.

And if you have been able to test the patch on hardware,
or if, rather, it is compile tested only.

> 
> Fixes: f197a7aa6288 ("qlcnic: VF-PF communication channel implementation")
> Signed-off-by: Abdun Nihaal <abdun.nihaal@gmail.com>

...
Re: [PATCH net] qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
Posted by Abdun Nihaal 9 months ago 
Hello Simon,

On Thu, May 08, 2025 at 06:36:47PM +0100, Simon Horman wrote:
> Thanks, I agree with your analysis.
> 
> But I think it would be nice to include some text regarding
> how you found the bug, e.g. by inspection, using static analysis,
> via a crash.
> 
> And if you have been able to test the patch on hardware,
> or if, rather, it is compile tested only.

Thanks for your suggestions. I found this using a static analysis tool
that I'm developing as a research prototype. Also the patch was only
compile tested. I'll add both the information when sending the V2 patch.

Regards,
Nihaal

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.