drivers/fwctl/mlx5/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Use kvfree() to free memory allocated by kvzalloc() instead of kfree().
Avoid potential memory management issue by matching alloc/free routines.
Fixes: 52929c2142041 ("fwctl/mlx5: Support for communicating with mlx5 fw")
Signed-off-by: Akhilesh Patil <akhilesh@ee.iitb.ac.in>
---
drivers/fwctl/mlx5/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/fwctl/mlx5/main.c b/drivers/fwctl/mlx5/main.c
index f93aa0cecdb9..4b379f695eb7 100644
--- a/drivers/fwctl/mlx5/main.c
+++ b/drivers/fwctl/mlx5/main.c
@@ -345,7 +345,7 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope,
*/
if (ret && ret != -EREMOTEIO) {
if (rpc_out != rpc_in)
- kfree(rpc_out);
+ kvfree(rpc_out);
return ERR_PTR(ret);
}
return rpc_out;
--
2.34.1On Sun, Aug 10, 2025 at 11:47:42PM +0530, Akhilesh Patil wrote:
> Use kvfree() to free memory allocated by kvzalloc() instead of kfree().
> Avoid potential memory management issue by matching alloc/free routines.
>
> Fixes: 52929c2142041 ("fwctl/mlx5: Support for communicating with mlx5 fw")
> Signed-off-by: Akhilesh Patil <akhilesh@ee.iitb.ac.in>
Hi Akhilesh,
How about making the commit message more specific about why this
patch is critical even when no immediate symptoms are observed. Based
on the current description, a developer might think "this works fine
in my testing, so it's not urgent."
This type bug is particularly dangerous because it can pass code review
and testing, then cause mysterious production failures that are extremely
difficult to trace back to the root cause.
If this sounds like I'm going overboard on an obvious fix, I am doing
so intentionally. I am encouraging you, as a new contributor, to show
that you looked into how kvzalloc() works. I believe it can use either
kmalloc() or vmalloc(). You don't need to be a memory alloc expert to
submit this fix, but demonstrate that you looked beyond a report in a
static analysis tool. Also, that's where the interesting learnings
appear.
Similar to what Markus mentioned, a simple message stating how this
was found is useful too.
--Alison
> ---
> drivers/fwctl/mlx5/main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/fwctl/mlx5/main.c b/drivers/fwctl/mlx5/main.c
> index f93aa0cecdb9..4b379f695eb7 100644
> --- a/drivers/fwctl/mlx5/main.c
> +++ b/drivers/fwctl/mlx5/main.c
> @@ -345,7 +345,7 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope,
> */
> if (ret && ret != -EREMOTEIO) {
> if (rpc_out != rpc_in)
> - kfree(rpc_out);
> + kvfree(rpc_out);
> return ERR_PTR(ret);
> }
> return rpc_out;
> --
> 2.34.1
>
On Fri, Aug 15, 2025 at 11:59:05AM -0700, Alison Schofield wrote:
> On Sun, Aug 10, 2025 at 11:47:42PM +0530, Akhilesh Patil wrote:
> > Use kvfree() to free memory allocated by kvzalloc() instead of kfree().
> > Avoid potential memory management issue by matching alloc/free routines.
> >
> > Fixes: 52929c2142041 ("fwctl/mlx5: Support for communicating with mlx5 fw")
> > Signed-off-by: Akhilesh Patil <akhilesh@ee.iitb.ac.in>
>
> Hi Akhilesh,
>
> How about making the commit message more specific about why this
> patch is critical even when no immediate symptoms are observed. Based
> on the current description, a developer might think "this works fine
> in my testing, so it's not urgent."
>
> This type bug is particularly dangerous because it can pass code review
> and testing, then cause mysterious production failures that are extremely
> difficult to trace back to the root cause.
Agree.
>
> If this sounds like I'm going overboard on an obvious fix, I am doing
> so intentionally. I am encouraging you, as a new contributor, to show
> that you looked into how kvzalloc() works. I believe it can use either
> kmalloc() or vmalloc(). You don't need to be a memory alloc expert to
> submit this fix, but demonstrate that you looked beyond a report in a
> static analysis tool. Also, that's where the interesting learnings
> appear.
>
> Similar to what Markus mentioned, a simple message stating how this
> was found is useful too.
>
> --Alison
Thanks Alison for valuable insights and feedback :)
I will add "How this issue got dicovered" and "Why it is important to
fix" in the commit message and share v2.
Regards,
Akhilesh
>
>
> > ---
> > drivers/fwctl/mlx5/main.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/fwctl/mlx5/main.c b/drivers/fwctl/mlx5/main.c
> > index f93aa0cecdb9..4b379f695eb7 100644
> > --- a/drivers/fwctl/mlx5/main.c
> > +++ b/drivers/fwctl/mlx5/main.c
> > @@ -345,7 +345,7 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope,
> > */
> > if (ret && ret != -EREMOTEIO) {
> > if (rpc_out != rpc_in)
> > - kfree(rpc_out);
> > + kvfree(rpc_out);
> > return ERR_PTR(ret);
> > }
> > return rpc_out;
> > --
> > 2.34.1
> >
> Use kvfree() to free memory allocated by kvzalloc() instead of kfree(). > Avoid potential memory management issue by matching alloc/free routines. Will another bit of background information become helpful for an improved change description? Test command example: Markus_Elfring@Sonne:…/Projekte/Linux/next-analyses> /usr/bin/spatch -D report scripts/coccinelle/api/kfree_mismatch.cocci drivers/fwctl/mlx5/main.c … Regards, Markus
On Fri, Aug 15, 2025 at 04:40:10PM +0200, Markus Elfring wrote: > > Use kvfree() to free memory allocated by kvzalloc() instead of kfree(). > > Avoid potential memory management issue by matching alloc/free routines. > > Will another bit of background information become helpful > for an improved change description? > > Test command example: > Markus_Elfring@Sonne:…/Projekte/Linux/next-analyses> /usr/bin/spatch -D report scripts/coccinelle/api/kfree_mismatch.cocci drivers/fwctl/mlx5/main.c Sure, I will update the commit message to add this and push v2. Thanks Markus for the suggestion. Regards, Akhilesh > … > > Regards, > Markus
On 8/10/25 11:17 AM, Akhilesh Patil wrote:
> Use kvfree() to free memory allocated by kvzalloc() instead of kfree().
> Avoid potential memory management issue by matching alloc/free routines.
>
> Fixes: 52929c2142041 ("fwctl/mlx5: Support for communicating with mlx5 fw")
> Signed-off-by: Akhilesh Patil <akhilesh@ee.iitb.ac.in>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
> ---
> drivers/fwctl/mlx5/main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/fwctl/mlx5/main.c b/drivers/fwctl/mlx5/main.c
> index f93aa0cecdb9..4b379f695eb7 100644
> --- a/drivers/fwctl/mlx5/main.c
> +++ b/drivers/fwctl/mlx5/main.c
> @@ -345,7 +345,7 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope,
> */
> if (ret && ret != -EREMOTEIO) {
> if (rpc_out != rpc_in)
> - kfree(rpc_out);
> + kvfree(rpc_out);
> return ERR_PTR(ret);
> }
> return rpc_out;
Use kvfree() to free memory allocated by kvzalloc() instead of kfree().
Avoid potential memory management issue considering kvzalloc() can
internally choose to use either kmalloc() or vmalloc() based on memory
request and current system memory state. Hence, use more appropriate
kvfree() which automatically determines correct free method to avoid
potential hard to debug memory issues.
Fix this issue discovered by running spatch static analysis tool using
coccinelle script - scripts/coccinelle/api/kfree_mismatch.cocci
Fixes: 52929c2142041 ("fwctl/mlx5: Support for communicating with mlx5 fw")
Signed-off-by: Akhilesh Patil <akhilesh@ee.iitb.ac.in>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
---
changes v1 -> v2:
- Update commit message with details on why this issue needs to be fixed
as suggested by Alison <alison.schofield@intel.com>
- Update commit message with details on how this issue was discovered
using coccinelle scripts as suggested by Markus <Markus.Elfring@web.de>
- Carry forward Reviewd-by tag from Dave Jiang <dave.jiang@intel.com>
---
drivers/fwctl/mlx5/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/fwctl/mlx5/main.c b/drivers/fwctl/mlx5/main.c
index f93aa0cecdb9..4b379f695eb7 100644
--- a/drivers/fwctl/mlx5/main.c
+++ b/drivers/fwctl/mlx5/main.c
@@ -345,7 +345,7 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope,
*/
if (ret && ret != -EREMOTEIO) {
if (rpc_out != rpc_in)
- kfree(rpc_out);
+ kvfree(rpc_out);
return ERR_PTR(ret);
}
return rpc_out;
--
2.34.1On Sat, Aug 16, 2025 at 11:49:54AM +0530, Akhilesh Patil wrote:
> Use kvfree() to free memory allocated by kvzalloc() instead of kfree().
> Avoid potential memory management issue considering kvzalloc() can
> internally choose to use either kmalloc() or vmalloc() based on memory
> request and current system memory state. Hence, use more appropriate
> kvfree() which automatically determines correct free method to avoid
> potential hard to debug memory issues.
> Fix this issue discovered by running spatch static analysis tool using
> coccinelle script - scripts/coccinelle/api/kfree_mismatch.cocci
>
> Fixes: 52929c2142041 ("fwctl/mlx5: Support for communicating with mlx5 fw")
> Signed-off-by: Akhilesh Patil <akhilesh@ee.iitb.ac.in>
> Reviewed-by: Dave Jiang <dave.jiang@intel.com>
> ---
> changes v1 -> v2:
> - Update commit message with details on why this issue needs to be fixed
> as suggested by Alison <alison.schofield@intel.com>
> - Update commit message with details on how this issue was discovered
> using coccinelle scripts as suggested by Markus <Markus.Elfring@web.de>
> - Carry forward Reviewd-by tag from Dave Jiang <dave.jiang@intel.com>
> ---
> drivers/fwctl/mlx5/main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied to for-rc thanks
Jason
On Sat, Aug 16, 2025 at 11:49:54AM +0530, Akhilesh Patil wrote:
> Use kvfree() to free memory allocated by kvzalloc() instead of kfree().
> Avoid potential memory management issue considering kvzalloc() can
> internally choose to use either kmalloc() or vmalloc() based on memory
> request and current system memory state. Hence, use more appropriate
> kvfree() which automatically determines correct free method to avoid
> potential hard to debug memory issues.
> Fix this issue discovered by running spatch static analysis tool using
> coccinelle script - scripts/coccinelle/api/kfree_mismatch.cocci
>
> Fixes: 52929c2142041 ("fwctl/mlx5: Support for communicating with mlx5 fw")
> Signed-off-by: Akhilesh Patil <akhilesh@ee.iitb.ac.in>
> Reviewed-by: Dave Jiang <dave.jiang@intel.com>
> ---
> changes v1 -> v2:
> - Update commit message with details on why this issue needs to be fixed
> as suggested by Alison <alison.schofield@intel.com>
> - Update commit message with details on how this issue was discovered
> using coccinelle scripts as suggested by Markus <Markus.Elfring@web.de>
> - Carry forward Reviewd-by tag from Dave Jiang <dave.jiang@intel.com>
> ---
> drivers/fwctl/mlx5/main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied to for-rc, thanks
Jason
On Sat, Aug 16, 2025 at 11:49:54AM +0530, Akhilesh Patil wrote:
> Use kvfree() to free memory allocated by kvzalloc() instead of kfree().
> Avoid potential memory management issue considering kvzalloc() can
> internally choose to use either kmalloc() or vmalloc() based on memory
> request and current system memory state. Hence, use more appropriate
> kvfree() which automatically determines correct free method to avoid
> potential hard to debug memory issues.
> Fix this issue discovered by running spatch static analysis tool using
> coccinelle script - scripts/coccinelle/api/kfree_mismatch.cocci
>
> Fixes: 52929c2142041 ("fwctl/mlx5: Support for communicating with mlx5 fw")
> Signed-off-by: Akhilesh Patil <akhilesh@ee.iitb.ac.in>
> Reviewed-by: Dave Jiang <dave.jiang@intel.com>
> ---
> changes v1 -> v2:
> - Update commit message with details on why this issue needs to be fixed
> as suggested by Alison <alison.schofield@intel.com>
> - Update commit message with details on how this issue was discovered
> using coccinelle scripts as suggested by Markus <Markus.Elfring@web.de>
> - Carry forward Reviewd-by tag from Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Alison Schofield <alison.schofield@intel.com>
© 2016 - 2025 Red Hat, Inc.