[PATCH] PCI/MSI: Fix memory leak in pci_alloc_irq_vectors_affinity INTx path

neilfsun posted 1 patch 1 month, 3 weeks ago
There is a newer version of this series
[PATCH] PCI/MSI: Fix memory leak in pci_alloc_irq_vectors_affinity INTx path
Posted by neilfsun 1 month, 3 weeks ago
In the INTx fallback path of pci_alloc_irq_vectors_affinity(),
affinity masks are created and never freed.

Signed-off-by: neilfsun <neilfsun@tencent.com>
Signed-off-by: Sun Feng <loyou85@gmail.com>
---
 drivers/pci/msi/api.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/pci/msi/api.c b/drivers/pci/msi/api.c
index c18559b6272c..c1377f74b8f3 100644
--- a/drivers/pci/msi/api.c
+++ b/drivers/pci/msi/api.c
@@ -280,14 +280,17 @@ int pci_alloc_irq_vectors_affinity(struct pci_dev *dev, unsigned int min_vecs,
 	/* use INTx IRQ if allowed */
 	if (flags & PCI_IRQ_INTX) {
 		if (min_vecs == 1 && dev->irq) {
+			struct irq_affinity_desc *masks = NULL;
+
 			/*
 			 * Invoke the affinity spreading logic to ensure that
 			 * the device driver can adjust queue configuration
 			 * for the single interrupt case.
 			 */
 			if (affd)
-				irq_create_affinity_masks(1, affd);
+				masks = irq_create_affinity_masks(1, affd);
 			pci_intx(dev, 1);
+			kfree(masks);
 			return 1;
 		}
 	}
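Review bot: the new `masks` local in the `min_vecs == 1 && dev->irq` block only carries the pointer from irq_create_affinity_masks() to the kfree() two statements later; nothing reads it in between. Freeing the return value where it is produced, e.g. `kfree(irq_create_affinity_masks(1, affd));` under the existing `if (affd)`, drops the declaration and the `= NULL` initialiser and keeps allocation and release on one line. The comment above the call says why the spreading logic is invoked but not that its result is deliberately discarded; one sentence saying so would help the next reader.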
-- 
2.52.0
Re: [PATCH] PCI/MSI: Fix memory leak in pci_alloc_irq_vectors_affinity INTx path
Posted by Hans Zhang 1 month, 3 weeks ago

On 4/20/26 12:09, neilfsun wrote:
> In the INTx fallback path of pci_alloc_irq_vectors_affinity(),
> affinity masks are created and never freed.
> 
> Signed-off-by: neilfsun <neilfsun@tencent.com>
> Signed-off-by: Sun Feng <loyou85@gmail.com>
> ---
>   drivers/pci/msi/api.c | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/pci/msi/api.c b/drivers/pci/msi/api.c
> index c18559b6272c..c1377f74b8f3 100644
> --- a/drivers/pci/msi/api.c
> +++ b/drivers/pci/msi/api.c
> @@ -280,14 +280,17 @@ int pci_alloc_irq_vectors_affinity(struct pci_dev *dev, unsigned int min_vecs,
>   	/* use INTx IRQ if allowed */
>   	if (flags & PCI_IRQ_INTX) {
>   		if (min_vecs == 1 && dev->irq) {
> +			struct irq_affinity_desc *masks = NULL;
> +
>   			/*
>   			 * Invoke the affinity spreading logic to ensure that
>   			 * the device driver can adjust queue configuration
>   			 * for the single interrupt case.
>   			 */
>   			if (affd)
> -				irq_create_affinity_masks(1, affd);
> +				masks = irq_create_affinity_masks(1, affd);

Hi,

Suggestion:

diff --git a/drivers/pci/msi/api.c b/drivers/pci/msi/api.c
index c18559b6272c..0ce34db2b2bf 100644
--- a/drivers/pci/msi/api.c
+++ b/drivers/pci/msi/api.c
@@ -286,7 +286,8 @@ int pci_alloc_irq_vectors_affinity(struct pci_dev 
*dev, unsigned int min_vecs,
                          * for the single interrupt case.
                          */
                         if (affd)
-                               irq_create_affinity_masks(1, affd);
+                               struct irq_affinity_desc *masks 
__free(kfree) =
+                                       irq_create_affinity_masks(1, affd);
                         pci_intx(dev, 1);
                         return 1;
                 }
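Review bot: the added declaration is the unbraced body of `if (affd)`, and C requires a statement there, not a declaration, so this would not compile as written; it needs `if (affd) { ... }`. Even with braces, `masks` goes out of scope at the closing brace, so the `__free(kfree)` cleanup fires immediately after the call and the variable is never read, which is equivalent to calling kfree() on the return value directly.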


Best regards,
Hans

>   			pci_intx(dev, 1);
> +			kfree(masks);
>   			return 1;
>   		}
>   	}
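Review bot: `kfree(masks)` is placed after `pci_intx(dev, 1)`, although pci_intx() is not passed the masks and nothing between the allocation and the free reads them. Moving the free up so it directly follows the irq_create_affinity_masks() call makes the lifetime obvious and leaves no gap where a later change could add an early return between the two.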
[PATCH v2 v2] PCI/MSI: Fix memory leak in pci_alloc_irq_vectors_affinity INTx path
Posted by neilfsun 1 month, 3 weeks ago
In the INTx fallback path of pci_alloc_irq_vectors_affinity(),
affinity masks are created and never freed.

Signed-off-by: neilfsun <neilfsun@tencent.com>
Signed-off-by: Sun Feng <loyou85@gmail.com>
Reviewed-by: Hans Zhang <18255117159@163.com>
---
v2: use __free to auto-release pointers
---
 drivers/pci/msi/api.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/pci/msi/api.c b/drivers/pci/msi/api.c
index c18559b6272c..994f12813ce3 100644
--- a/drivers/pci/msi/api.c
+++ b/drivers/pci/msi/api.c
@@ -285,8 +285,10 @@ int pci_alloc_irq_vectors_affinity(struct pci_dev *dev, unsigned int min_vecs,
 			 * the device driver can adjust queue configuration
 			 * for the single interrupt case.
 			 */
-			if (affd)
-				irq_create_affinity_masks(1, affd);
+			if (affd) {
+				struct irq_affinity_desc *masks __free(kfree) =
+					irq_create_affinity_masks(1, affd);
+			}
 			pci_intx(dev, 1);
 			return 1;
 		}
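Review bot: the braces added around the `if (affd)` body exist only to give `masks` a scope, and that scope ends on the very next line, so the `__free(kfree)` cleanup runs as soon as irq_create_affinity_masks() returns and the variable is never read. This block has a single exit (`return 1;`), so scope-based cleanup buys nothing here over a plain `kfree()` of the return value, and the extra declaration makes it look as if the masks are going to be used.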
-- 
2.52.0
Re: [PATCH v2 v2] PCI/MSI: Fix memory leak in pci_alloc_irq_vectors_affinity INTx path
Posted by Thomas Gleixner 1 month, 3 weeks ago
On Tue, Apr 21 2026 at 11:20, neilfsun wrote:

Please use function() notation in the subject as well.

> In the INTx fallback path of pci_alloc_irq_vectors_affinity(),
> affinity masks are created and never freed.

And then?

https://www.kernel.org/doc/html/latest/process/maintainer-tip.html#changelog


This also lacks a Fixes: tag to identify the commit which introduced the
problem. Hint: It was not commit beddb5efb43ee.

> Signed-off-by: neilfsun <neilfsun@tencent.com>
                 ^^^^^^^^
Please provide your real name and not your nickname. See
Documentation/process/...

> Signed-off-by: Sun Feng <loyou85@gmail.com>

This Signed-off-by chain is broken. See Documentation/process/...

> Reviewed-by: Hans Zhang <18255117159@163.com>

Hans did not provide you a Reviewed-by tag. The fact that he reviewed V1
and made suggestions how to improve does not imply that.

> @@ -285,8 +285,10 @@ int pci_alloc_irq_vectors_affinity(struct pci_dev *dev, unsigned int min_vecs,
>  			 * the device driver can adjust queue configuration
>  			 * for the single interrupt case.
>  			 */
> -			if (affd)
> -				irq_create_affinity_masks(1, affd);
> +			if (affd) {
> +				struct irq_affinity_desc *masks __free(kfree) =
> +					irq_create_affinity_masks(1, affd);

There is no point to use __free() here. The only reason why this is
invoked for the INTX case is to ensure that the affinity descriptor is
updated and an eventually provided calc_sets() callback is invoked. The
returned mask is not used at all, so this can be simplified to:

         kfree(affd ? irq_create_affinity_masks(1, affd) : NULL);

Along with a proper comment.

Thanks,

        tglx
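
The three shapes discussed in this thread, as an added user-space model (not code from the patch, the kernel or any participant): it shows that the callback side effect happens in all three, and that only the original drops the allocation. `affd_model`, `model_create_masks()`, `model_kfree()` and the two counters are stand-ins invented for the example; the compiler's `cleanup` attribute, which the kernel's `__free()` is built on, stands in for `__free(kfree)`.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model: every name here is a stand-in, not kernel code. */
static int live_allocs;      /* allocations not yet freed */
static int calc_sets_calls;  /* times the driver callback ran */
struct affd_model { void (*calc_sets)(struct affd_model *); };
static void count_calc_sets(struct affd_model *a) { (void)a; calc_sets_calls++; }
static void model_kfree(void *p) { if (p) { live_allocs--; free(p); } }
/* A cleanup handler receives the address of the annotated variable. */
static void model_kfree_cleanup(void **pp) { model_kfree(*pp); }

/* Stands in for irq_create_affinity_masks(): callback, then allocation. */
static void *model_create_masks(struct affd_model *a)
{
	void *p = calloc(1, 64);
	if (a->calc_sets)
		a->calc_sets(a);
	live_allocs += (p != NULL);
	return p;
}

static int intx_original(struct affd_model *a)  /* before the fix */
{
	if (a)
		model_create_masks(a);  /* return value dropped: leak */
	return live_allocs;
}

static int intx_scoped(struct affd_model *a)    /* v2 shape */
{
	if (a) {  /* masks dies at the closing brace; cleanup runs there */
		void *masks __attribute__((cleanup(model_kfree_cleanup))) =
			model_create_masks(a);
	}
	return live_allocs;
}

static int intx_direct(struct affd_model *a)    /* shape from the reply above */
{
	model_kfree(a ? model_create_masks(a) : NULL);
	return live_allocs;
}

int main(void)
{
	struct affd_model a = { count_calc_sets };
	int d = intx_direct(&a), s = intx_scoped(&a), o = intx_original(&a);
	printf("direct=%d scoped=%d original=%d\n", d, s, o);
	return 0;
}
```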
Re: [PATCH v2 v2] PCI/MSI: Fix memory leak in pci_alloc_irq_vectors_affinity INTx path
Posted by Shawn Lin 1 month, 3 weeks ago
On 2026/04/21 Tuesday 11:20, neilfsun Wrote:
> In the INTx fallback path of pci_alloc_irq_vectors_affinity(),
> affinity masks are created and never freed.
> 
> Signed-off-by: neilfsun <neilfsun@tencent.com>
> Signed-off-by: Sun Feng <loyou85@gmail.com>
> Reviewed-by: Hans Zhang <18255117159@163.com>

I don't see when Hans provided his tag in v1.

> ---
> v2: use __free to auto-release pointers
> ---
>   drivers/pci/msi/api.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/pci/msi/api.c b/drivers/pci/msi/api.c
> index c18559b6272c..994f12813ce3 100644
> --- a/drivers/pci/msi/api.c
> +++ b/drivers/pci/msi/api.c
> @@ -285,8 +285,10 @@ int pci_alloc_irq_vectors_affinity(struct pci_dev *dev, unsigned int min_vecs,
>   			 * the device driver can adjust queue configuration
>   			 * for the single interrupt case.
>   			 */
> -			if (affd)
> -				irq_create_affinity_masks(1, affd);
> +			if (affd) {
> +				struct irq_affinity_desc *masks __free(kfree) =
> +					irq_create_affinity_masks(1, affd);


The __free() attribute is typically used for ensuring cleanup across
multiple exit paths within a function. In this case, the allocated masks
is not used and its scope ends immediately after creation. Why can't
we simply kfree(irq_create_affinity_masks(1, affd))...


> +			}
>   			pci_intx(dev, 1);
>   			return 1;
>   		}