diff mbox series

s390/vfio_ap: fix memory leak in vfio_ap device driver

Message ID 20230315153932.165031-1-akrowiak@linux.ibm.com (mailing list archive)
State New, archived
Headers show
Series s390/vfio_ap: fix memory leak in vfio_ap device driver | expand

Commit Message

Anthony Krowiak March 15, 2023, 3:39 p.m. UTC 
The device release callback function invoked to release the matrix device
uses the dev_get_drvdata(device *dev) function to retrieve the
pointer to the vfio_matrix_dev object in order to free its storage. The
problem is, this object is not stored as drvdata with the device; since the
kfree function will accept a NULL pointer, the memory for the
vfio_matrix_dev object is never freed.

Since the device being released is contained within the vfio_matrix_dev
object, the container_of macro will be used to retrieve its pointer.

Fixes: 1fde573413b5 ("s390: vfio-ap: base implementation of VFIO AP device driver")
Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
---
 drivers/s390/crypto/vfio_ap_drv.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Harald Freudenberger March 15, 2023, 5:25 p.m. UTC | #1 
On 2023-03-15 16:39, Tony Krowiak wrote:
> The device release callback function invoked to release the matrix 
> device
> uses the dev_get_drvdata(device *dev) function to retrieve the
> pointer to the vfio_matrix_dev object in order to free its storage. The
> problem is, this object is not stored as drvdata with the device; since 
> the
> kfree function will accept a NULL pointer, the memory for the
> vfio_matrix_dev object is never freed.
> 
> Since the device being released is contained within the vfio_matrix_dev
> object, the container_of macro will be used to retrieve its pointer.
> 
> Fixes: 1fde573413b5 ("s390: vfio-ap: base implementation of VFIO AP
> device driver")
> Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
> ---
>  drivers/s390/crypto/vfio_ap_drv.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/s390/crypto/vfio_ap_drv.c
> b/drivers/s390/crypto/vfio_ap_drv.c
> index 997b524bdd2b..15e9de9f4574 100644
> --- a/drivers/s390/crypto/vfio_ap_drv.c
> +++ b/drivers/s390/crypto/vfio_ap_drv.c
> @@ -54,8 +54,9 @@ static struct ap_driver vfio_ap_drv = {
> 
>  static void vfio_ap_matrix_dev_release(struct device *dev)
>  {
> -	struct ap_matrix_dev *matrix_dev = dev_get_drvdata(dev);
> -
> +	struct ap_matrix_dev *matrix_dev = container_of(dev,
> +							struct ap_matrix_dev,
> +							device);
>  	kfree(matrix_dev);
>  }

I needed some indirections to follow what exactly happens here and how 
you
fix it, but finally I got it.
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Anthony Krowiak March 15, 2023, 5:57 p.m. UTC | #2 
snip ...


> I needed some indirections to follow what exactly happens here and how 
> you
> fix it, but finally I got it.
> Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>

Sorry about the indirections. Thanks for the review.
Heiko Carstens March 16, 2023, 8:39 a.m. UTC | #3 
On Wed, Mar 15, 2023 at 11:39:32AM -0400, Tony Krowiak wrote:
> The device release callback function invoked to release the matrix device
> uses the dev_get_drvdata(device *dev) function to retrieve the
> pointer to the vfio_matrix_dev object in order to free its storage. The
> problem is, this object is not stored as drvdata with the device; since the
> kfree function will accept a NULL pointer, the memory for the
> vfio_matrix_dev object is never freed.
> 
> Since the device being released is contained within the vfio_matrix_dev
> object, the container_of macro will be used to retrieve its pointer.
> 
> Fixes: 1fde573413b5 ("s390: vfio-ap: base implementation of VFIO AP device driver")
> Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
> ---
>  drivers/s390/crypto/vfio_ap_drv.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/s390/crypto/vfio_ap_drv.c b/drivers/s390/crypto/vfio_ap_drv.c
> index 997b524bdd2b..15e9de9f4574 100644
> --- a/drivers/s390/crypto/vfio_ap_drv.c
> +++ b/drivers/s390/crypto/vfio_ap_drv.c
> @@ -54,8 +54,9 @@ static struct ap_driver vfio_ap_drv = {
>  
>  static void vfio_ap_matrix_dev_release(struct device *dev)
>  {
> -	struct ap_matrix_dev *matrix_dev = dev_get_drvdata(dev);
> -
> +	struct ap_matrix_dev *matrix_dev = container_of(dev,
> +							struct ap_matrix_dev,
> +							device);
>  	kfree(matrix_dev);

Could you keep this code more readable, including adding the missing
blank line after the declaration, please? Something like:

static void vfio_ap_matrix_dev_release(struct device *dev)
{
	struct ap_matrix_dev *matrix_dev;

	matrix_dev = container_of(dev, struct ap_matrix_dev, device);
	kfree(matrix_dev);
}

Thanks!
Anthony Krowiak March 16, 2023, 1:35 p.m. UTC | #4 
On 3/16/23 4:39 AM, Heiko Carstens wrote:
> On Wed, Mar 15, 2023 at 11:39:32AM -0400, Tony Krowiak wrote:
>> The device release callback function invoked to release the matrix device
>> uses the dev_get_drvdata(device *dev) function to retrieve the
>> pointer to the vfio_matrix_dev object in order to free its storage. The
>> problem is, this object is not stored as drvdata with the device; since the
>> kfree function will accept a NULL pointer, the memory for the
>> vfio_matrix_dev object is never freed.
>>
>> Since the device being released is contained within the vfio_matrix_dev
>> object, the container_of macro will be used to retrieve its pointer.
>>
>> Fixes: 1fde573413b5 ("s390: vfio-ap: base implementation of VFIO AP device driver")
>> Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
>> ---
>>   drivers/s390/crypto/vfio_ap_drv.c | 5 +++--
>>   1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/s390/crypto/vfio_ap_drv.c b/drivers/s390/crypto/vfio_ap_drv.c
>> index 997b524bdd2b..15e9de9f4574 100644
>> --- a/drivers/s390/crypto/vfio_ap_drv.c
>> +++ b/drivers/s390/crypto/vfio_ap_drv.c
>> @@ -54,8 +54,9 @@ static struct ap_driver vfio_ap_drv = {
>>   
>>   static void vfio_ap_matrix_dev_release(struct device *dev)
>>   {
>> -	struct ap_matrix_dev *matrix_dev = dev_get_drvdata(dev);
>> -
>> +	struct ap_matrix_dev *matrix_dev = container_of(dev,
>> +							struct ap_matrix_dev,
>> +							device);
>>   	kfree(matrix_dev);
> Could you keep this code more readable, including adding the missing
> blank line after the declaration, please? Something like:
>
> static void vfio_ap_matrix_dev_release(struct device *dev)
> {
> 	struct ap_matrix_dev *matrix_dev;
>
> 	matrix_dev = container_of(dev, struct ap_matrix_dev, device);
> 	kfree(matrix_dev);
> }
>
> Thanks!


Will do.
diff mbox series

Patch

diff --git a/drivers/s390/crypto/vfio_ap_drv.c b/drivers/s390/crypto/vfio_ap_drv.c
index 997b524bdd2b..15e9de9f4574 100644
--- a/drivers/s390/crypto/vfio_ap_drv.c
+++ b/drivers/s390/crypto/vfio_ap_drv.c
@@ -54,8 +54,9 @@  static struct ap_driver vfio_ap_drv = {
 
 static void vfio_ap_matrix_dev_release(struct device *dev)
 {
-	struct ap_matrix_dev *matrix_dev = dev_get_drvdata(dev);
-
+	struct ap_matrix_dev *matrix_dev = container_of(dev,
+							struct ap_matrix_dev,
+							device);
 	kfree(matrix_dev);
 }