| Message ID | 20221202110430.1472991-1-william.xuanziyang@huawei.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | fbf33f5ac76f2cdb47ad9763f620026d5cfa57ce |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net,v2] octeontx2-pf: Fix potential memory leak in otx2_init_tc() | expand |
On Fri, Dec 02, 2022 at 07:04:30PM +0800, Ziyang Xuan wrote: > In otx2_init_tc(), if rhashtable_init() failed, it does not free > tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap(). > > Fixes: 2e2a8126ffac ("octeontx2-pf: Unify flow management variables") > Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com> > --- > v2: > - Remove patch 2 which is not a problem, see the following link: > https://www.spinics.net/lists/netdev/msg864159.html > --- > drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c > index e64318c110fd..6a01ab1a6e6f 100644 > --- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c > +++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c > @@ -1134,7 +1134,12 @@ int otx2_init_tc(struct otx2_nic *nic) > return err; > > tc->flow_ht_params = tc_flow_ht_params; > - return rhashtable_init(&tc->flow_table, &tc->flow_ht_params); > + err = rhashtable_init(&tc->flow_table, &tc->flow_ht_params); > + if (err) { > + kfree(tc->tc_entries_bitmap); > + tc->tc_entries_bitmap = NULL; Why do you set NULL here? All callers of otx2_init_tc() unwind error properly. > + } > + return err; > } > EXPORT_SYMBOL(otx2_init_tc); > > -- > 2.25.1 >
> On Fri, Dec 02, 2022 at 07:04:30PM +0800, Ziyang Xuan wrote: >> In otx2_init_tc(), if rhashtable_init() failed, it does not free >> tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap(). >> >> Fixes: 2e2a8126ffac ("octeontx2-pf: Unify flow management variables") >> Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com> >> --- >> v2: >> - Remove patch 2 which is not a problem, see the following link: >> https://www.spinics.net/lists/netdev/msg864159.html >> --- >> drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 ++++++- >> 1 file changed, 6 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c >> index e64318c110fd..6a01ab1a6e6f 100644 >> --- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c >> +++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c >> @@ -1134,7 +1134,12 @@ int otx2_init_tc(struct otx2_nic *nic) >> return err; >> >> tc->flow_ht_params = tc_flow_ht_params; >> - return rhashtable_init(&tc->flow_table, &tc->flow_ht_params); >> + err = rhashtable_init(&tc->flow_table, &tc->flow_ht_params); >> + if (err) { >> + kfree(tc->tc_entries_bitmap); >> + tc->tc_entries_bitmap = NULL; > > Why do you set NULL here? All callers of otx2_init_tc() unwind error > properly. See the implementation of otx2_tc_alloc_ent_bitmap() as following: int otx2_tc_alloc_ent_bitmap(struct otx2_nic *nic) { struct otx2_tc_info *tc = &nic->tc_info; if (!nic->flow_cfg->max_flows) return 0; /* Max flows changed, free the existing bitmap */ kfree(tc->tc_entries_bitmap); ... } Hello Leon Romanovsky, It will kfree(tc->tc_entries_bitmap) firstly, and otx2_tc_alloc_ent_bitmap() is called by otx2_dl_mcam_count_set() and otx2_init_tc(). I am not sure their sequence and whether it will cause double free for tc->tc_entries_bitmap. So setting tc->tc_entries_bitmap to NULL is safe, I think. Thank you! > >> + } >> + return err; >> } >> EXPORT_SYMBOL(otx2_init_tc); >> >> -- >> 2.25.1 >> > . >
On Mon, Dec 05, 2022 at 10:31:02AM +0800, Ziyang Xuan (William) wrote: > > On Fri, Dec 02, 2022 at 07:04:30PM +0800, Ziyang Xuan wrote: > >> In otx2_init_tc(), if rhashtable_init() failed, it does not free > >> tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap(). > >> > >> Fixes: 2e2a8126ffac ("octeontx2-pf: Unify flow management variables") > >> Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com> > >> --- > >> v2: > >> - Remove patch 2 which is not a problem, see the following link: > >> https://www.spinics.net/lists/netdev/msg864159.html > >> --- > >> drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 ++++++- > >> 1 file changed, 6 insertions(+), 1 deletion(-) > >> > >> diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c > >> index e64318c110fd..6a01ab1a6e6f 100644 > >> --- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c > >> +++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c > >> @@ -1134,7 +1134,12 @@ int otx2_init_tc(struct otx2_nic *nic) > >> return err; > >> > >> tc->flow_ht_params = tc_flow_ht_params; > >> - return rhashtable_init(&tc->flow_table, &tc->flow_ht_params); > >> + err = rhashtable_init(&tc->flow_table, &tc->flow_ht_params); > >> + if (err) { > >> + kfree(tc->tc_entries_bitmap); > >> + tc->tc_entries_bitmap = NULL; > > > > Why do you set NULL here? All callers of otx2_init_tc() unwind error > > properly. > > See the implementation of otx2_tc_alloc_ent_bitmap() as following: > > int otx2_tc_alloc_ent_bitmap(struct otx2_nic *nic) > { > struct otx2_tc_info *tc = &nic->tc_info; > > if (!nic->flow_cfg->max_flows) > return 0; > > /* Max flows changed, free the existing bitmap */ > kfree(tc->tc_entries_bitmap); It is worthless call for probe() calls as tc->tc_entries_bitmap is always NULL at this point for them. The kfree(tc->tc_entries_bitmap); needs to be moved into otx2_dl_mcam_count_set() as it is the one place which can change bitmap. But ok, it is probably too much to request. Thanks, Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Hello: This patch was applied to netdev/net.git (master) by David S. Miller <davem@davemloft.net>: On Fri, 2 Dec 2022 19:04:30 +0800 you wrote: > In otx2_init_tc(), if rhashtable_init() failed, it does not free > tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap(). > > Fixes: 2e2a8126ffac ("octeontx2-pf: Unify flow management variables") > Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com> > --- > v2: > - Remove patch 2 which is not a problem, see the following link: > https://www.spinics.net/lists/netdev/msg864159.html > > [...] Here is the summary with links: - [net,v2] octeontx2-pf: Fix potential memory leak in otx2_init_tc() https://git.kernel.org/netdev/net/c/fbf33f5ac76f You are awesome, thank you!
diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c index e64318c110fd..6a01ab1a6e6f 100644 --- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c +++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c @@ -1134,7 +1134,12 @@ int otx2_init_tc(struct otx2_nic *nic) return err; tc->flow_ht_params = tc_flow_ht_params; - return rhashtable_init(&tc->flow_table, &tc->flow_ht_params); + err = rhashtable_init(&tc->flow_table, &tc->flow_ht_params); + if (err) { + kfree(tc->tc_entries_bitmap); + tc->tc_entries_bitmap = NULL; + } + return err; } EXPORT_SYMBOL(otx2_init_tc);
In otx2_init_tc(), if rhashtable_init() failed, it does not free tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap(). Fixes: 2e2a8126ffac ("octeontx2-pf: Unify flow management variables") Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com> --- v2: - Remove patch 2 which is not a problem, see the following link: https://www.spinics.net/lists/netdev/msg864159.html --- drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)