1. Patchew
  2. linux
  3. View series

[PATCH] PCI: p2pdma: Fix incorrect pointer usage in devm_kfree() call

Sungho Kim posted 1 patch 1 month, 2 weeks ago 
drivers/pci/p2pdma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] PCI: p2pdma: Fix incorrect pointer usage in devm_kfree() call
Posted by Sungho Kim 1 month, 2 weeks ago 
The error handling path in the P2P DMA resource setup function contains
a bug in its `pgmap_free` label.

Memory is allocated for the `p2p_pgmap` struct, and the pointer is stored
in the `p2p_pgmap` variable. However, the error path attempts to call
devm_kfree() using the `pgmap` variable, which is a pointer to a member
field within the `p2p_pgmap` struct, not the base pointer of the allocation.

This patch corrects the bug by passing the correct base pointer,
`p2p_pgmap`, to the devm_kfree() function.

Signed-off-by: Sungho Kim <sungho.kim@furiosa.ai>
---
 drivers/pci/p2pdma.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pci/p2pdma.c b/drivers/pci/p2pdma.c
index da5657a02..1cb5e423e 100644
--- a/drivers/pci/p2pdma.c
+++ b/drivers/pci/p2pdma.c
@@ -360,7 +360,7 @@ int pci_p2pdma_add_resource(struct pci_dev *pdev, int bar, size_t size,
 pages_free:
 	devm_memunmap_pages(&pdev->dev, pgmap);
 pgmap_free:
-	devm_kfree(&pdev->dev, pgmap);
+	devm_kfree(&pdev->dev, p2p_pgmap);
 	return error;
 }
 EXPORT_SYMBOL_GPL(pci_p2pdma_add_resource);
-- 
2.48.1
Re: [PATCH] PCI: p2pdma: Fix incorrect pointer usage in devm_kfree() call
Posted by Bjorn Helgaas 1 month, 2 weeks ago 
On Wed, Aug 20, 2025 at 07:57:14PM +0900, Sungho Kim wrote:
> The error handling path in the P2P DMA resource setup function contains
> a bug in its `pgmap_free` label.
> 
> Memory is allocated for the `p2p_pgmap` struct, and the pointer is stored
> in the `p2p_pgmap` variable. However, the error path attempts to call
> devm_kfree() using the `pgmap` variable, which is a pointer to a member
> field within the `p2p_pgmap` struct, not the base pointer of the allocation.
> 
> This patch corrects the bug by passing the correct base pointer,
> `p2p_pgmap`, to the devm_kfree() function.
> 
> Signed-off-by: Sungho Kim <sungho.kim@furiosa.ai>

Applied to pci/p2pdma for v6.18, thanks!

> ---
>  drivers/pci/p2pdma.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/pci/p2pdma.c b/drivers/pci/p2pdma.c
> index da5657a02..1cb5e423e 100644
> --- a/drivers/pci/p2pdma.c
> +++ b/drivers/pci/p2pdma.c
> @@ -360,7 +360,7 @@ int pci_p2pdma_add_resource(struct pci_dev *pdev, int bar, size_t size,
>  pages_free:
>  	devm_memunmap_pages(&pdev->dev, pgmap);
>  pgmap_free:
> -	devm_kfree(&pdev->dev, pgmap);
> +	devm_kfree(&pdev->dev, p2p_pgmap);
>  	return error;
>  }
>  EXPORT_SYMBOL_GPL(pci_p2pdma_add_resource);
> -- 
> 2.48.1
>
Re: [PATCH] PCI: p2pdma: Fix incorrect pointer usage in devm_kfree() call
Posted by Logan Gunthorpe 1 month, 2 weeks ago 

On 2025-08-20 04:57, Sungho Kim wrote:
> The error handling path in the P2P DMA resource setup function contains
> a bug in its `pgmap_free` label.
> 
> Memory is allocated for the `p2p_pgmap` struct, and the pointer is stored
> in the `p2p_pgmap` variable. However, the error path attempts to call
> devm_kfree() using the `pgmap` variable, which is a pointer to a member
> field within the `p2p_pgmap` struct, not the base pointer of the allocation.
> 
> This patch corrects the bug by passing the correct base pointer,
> `p2p_pgmap`, to the devm_kfree() function.
> 
> Signed-off-by: Sungho Kim <sungho.kim@furiosa.ai>

Good catch, thank you.

Reviewed-by: Logan Gunthorpe <logang@deltatee.com>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.