RDMA/siw: fix a refcount leak in siw_newlink()

Message ID	0ae07b18-e384-5d5d-54e8-8fe508af4f6a@I-love.SAKURA.ne.jp (mailing list archive)
State	Rejected
Headers	show Return-Path: <linux-rdma-owner@vger.kernel.org> Message-ID: <0ae07b18-e384-5d5d-54e8-8fe508af4f6a@I-love.SAKURA.ne.jp> Date: Fri, 24 Mar 2023 20:28:50 +0900 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0 Content-Language: en-US To: Bernard Metzler <bmt@zurich.ibm.com>, Jason Gunthorpe <jgg@ziepe.ca>, Leon Romanovsky <leon@kernel.org> Cc: OFED mailing list <linux-rdma@vger.kernel.org> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Subject: [PATCH] RDMA/siw: fix a refcount leak in siw_newlink() Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: bulk
Series	RDMA/siw: fix a refcount leak in siw_newlink() \| expand RDMA/siw: fix a refcount leak in siw_newlink()

Message ID

0ae07b18-e384-5d5d-54e8-8fe508af4f6a@I-love.SAKURA.ne.jp (mailing list archive)

State

Rejected

Headers

Message-ID: <0ae07b18-e384-5d5d-54e8-8fe508af4f6a@I-love.SAKURA.ne.jp>
Date: Fri, 24 Mar 2023 20:28:50 +0900
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.9.0
Content-Language: en-US
To: Bernard Metzler <bmt@zurich.ibm.com>,
        Jason Gunthorpe <jgg@ziepe.ca>,
        Leon Romanovsky <leon@kernel.org>
Cc: OFED mailing list <linux-rdma@vger.kernel.org>
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: [PATCH] RDMA/siw: fix a refcount leak in siw_newlink()
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: bulk

Series

RDMA/siw: fix a refcount leak in siw_newlink() | expand

Commit Message

Tetsuo Handa March 24, 2023, 11:28 a.m. UTC

siw_newlink() is leaking a refcount on "base_dev" when kzalloc() from
_ib_alloc_device() from ib_alloc_device() from siw_device_create()
returned NULL.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: bdcf26bf9b3a ("rdma/siw: network and RDMA core interface")
---
I don't know whether this is a bug syzbot is currently reporting at
https://syzkaller.appspot.com/bug?extid=5e70d01ee8985ae62a3b .
Please check if this patch helps.

 drivers/infiniband/sw/siw/siw_main.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Bernard Metzler March 24, 2023, 12:20 p.m. UTC | #1

> -----Original Message-----
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Sent: Friday, 24 March 2023 12:29
> To: Bernard Metzler <BMT@zurich.ibm.com>; Jason Gunthorpe <jgg@ziepe.ca>;
> Leon Romanovsky <leon@kernel.org>
> Cc: OFED mailing list <linux-rdma@vger.kernel.org>
> Subject: [EXTERNAL] [PATCH] RDMA/siw: fix a refcount leak in siw_newlink()
> 
> siw_newlink() is leaking a refcount on "base_dev" when kzalloc() from
> _ib_alloc_device() from ib_alloc_device() from siw_device_create()
> returned NULL.
> 
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Fixes: bdcf26bf9b3a ("rdma/siw: network and RDMA core interface")
> ---
> I don't know whether this is a bug syzbot is currently reporting at
> INVALID URI REMOVED
> 3A__syzkaller.appspot.com_bug-3Fextid-
> 3D5e70d01ee8985ae62a3b&d=DwICaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=2TaYXQ0T-
> r8ZO1PP1alNwU_QJcRRLfmYTAgd3QCvqSc&m=iWfr1_1-sQHBc2O6yqblp-xMSeLRa2v-
> tngiW42NaNMNkPeHRVUwsZHN8LJtraFl&s=X9ORgENvKm5kPVOc8GInXfK8aE5VeiSKR_-
> BB8iiT_A&e=  .
> Please check if this patch helps.
> 
>  drivers/infiniband/sw/siw/siw_main.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/infiniband/sw/siw/siw_main.c
> b/drivers/infiniband/sw/siw/siw_main.c
> index dacc174604bf..aefeda633655 100644
> --- a/drivers/infiniband/sw/siw/siw_main.c
> +++ b/drivers/infiniband/sw/siw/siw_main.c
> @@ -522,6 +522,8 @@ static int siw_newlink(const char *basedev_name, struct
> net_device *netdev)
>  		rv = siw_device_register(sdev, basedev_name);
>  		if (rv)
>  			ib_dealloc_device(&sdev->base_dev);
> +	} else {
> +		ib_device_put(base_dev);

base_dev is always NULL here, so nothing to put,
right?


>  	}
>  	return rv;
>  }
> --
> 2.18.4

Tetsuo Handa March 24, 2023, 12:56 p.m. UTC | #2

On 2023/03/24 21:20, Bernard Metzler wrote:
>> @@ -522,6 +522,8 @@ static int siw_newlink(const char *basedev_name, struct
>> net_device *netdev)
>>  		rv = siw_device_register(sdev, basedev_name);
>>  		if (rv)
>>  			ib_dealloc_device(&sdev->base_dev);
>> +	} else {
>> +		ib_device_put(base_dev);
> 
> base_dev is always NULL here, so nothing to put,
> right?

Oops, indeed. Then, there is a leak somewhere else.

> 
> 
>>  	}
>>  	return rv;
>>  }
>> --
>> 2.18.4

diff --git a/drivers/infiniband/sw/siw/siw_main.c b/drivers/infiniband/sw/siw/siw_main.c
index dacc174604bf..aefeda633655 100644
--- a/drivers/infiniband/sw/siw/siw_main.c
+++ b/drivers/infiniband/sw/siw/siw_main.c
@@ -522,6 +522,8 @@  static int siw_newlink(const char *basedev_name, struct net_device *netdev)
 		rv = siw_device_register(sdev, basedev_name);
 		if (rv)
 			ib_dealloc_device(&sdev->base_dev);
+	} else {
+		ib_device_put(base_dev);
 	}
 	return rv;
 }

RDMA/siw: fix a refcount leak in siw_newlink()

Commit Message

Comments

Patch