Message ID | 1566176353-20157-1-git-send-email-bianpan2016@163.com (mailing list archive) |
---|---|
State | New, archived |
Series | [V2] block/bio-integrity: fix mismatched alloc free |
On Mon, Aug 19, 2019 at 08:59:13AM +0800, Pan Bian wrote: > The function kmalloc rather than mempool_alloc is called to allocate > memory when the memory pool is unavailable. However, mempool_alloc is > used to release the memory chunck in both cases when error occurs. This > patch fixes the bug. > > Fixes: 9f060e2231c ("block: Convert integrity to bvec_alloc_bs()") > Signed-off-by: Pan Bian <bianpan2016@163.com> > Cc: stable@vger.kernel.org > --- > V2: add Fixes and CC tags > --- > block/bio-integrity.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/block/bio-integrity.c b/block/bio-integrity.c > index fb95dbb..011dfc8 100644 > --- a/block/bio-integrity.c > +++ b/block/bio-integrity.c > @@ -75,7 +75,10 @@ struct bio_integrity_payload *bio_integrity_alloc(struct bio *bio, > > return bip; > err: > - mempool_free(bip, &bs->bio_integrity_pool); > + if (!bs || !mempool_initialized(&bs->bio_integrity_pool)) > + kfree(bip); > + else > + mempool_free(bip, &bs->bio_integrity_pool); > return ERR_PTR(-ENOMEM); > } > EXPORT_SYMBOL(bio_integrity_alloc); 'err' is still reached in case that 'bs' is valid, so fix nothing. Thanks, Ming
On Mon, Aug 19, 2019 at 11:56:14AM +0800, Ming Lei wrote: > On Mon, Aug 19, 2019 at 08:59:13AM +0800, Pan Bian wrote: > > The function kmalloc rather than mempool_alloc is called to allocate > > memory when the memory pool is unavailable. However, mempool_alloc is > > used to release the memory chunck in both cases when error occurs. This > > patch fixes the bug. > > > > Fixes: 9f060e2231c ("block: Convert integrity to bvec_alloc_bs()") > > Signed-off-by: Pan Bian <bianpan2016@163.com> > > Cc: stable@vger.kernel.org > > --- > > V2: add Fixes and CC tags > > --- > > block/bio-integrity.c | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git a/block/bio-integrity.c b/block/bio-integrity.c > > index fb95dbb..011dfc8 100644 > > --- a/block/bio-integrity.c > > +++ b/block/bio-integrity.c > > @@ -75,7 +75,10 @@ struct bio_integrity_payload *bio_integrity_alloc(struct bio *bio, > > > > return bip; > > err: > > - mempool_free(bip, &bs->bio_integrity_pool); > > + if (!bs || !mempool_initialized(&bs->bio_integrity_pool)) > > + kfree(bip); > > + else > > + mempool_free(bip, &bs->bio_integrity_pool); > > return ERR_PTR(-ENOMEM); > > } > > EXPORT_SYMBOL(bio_integrity_alloc); > > 'err' is still reached in case that 'bs' is valid, so fix nothing. You are right! It's my fault. Thanks, Pan > > > Thanks, > Ming
diff --git a/block/bio-integrity.c b/block/bio-integrity.c index fb95dbb..011dfc8 100644 --- a/block/bio-integrity.c +++ b/block/bio-integrity.c @@ -75,7 +75,10 @@ struct bio_integrity_payload *bio_integrity_alloc(struct bio *bio, return bip; err: - mempool_free(bip, &bs->bio_integrity_pool); + if (!bs || !mempool_initialized(&bs->bio_integrity_pool)) + kfree(bip); + else + mempool_free(bip, &bs->bio_integrity_pool); return ERR_PTR(-ENOMEM); } EXPORT_SYMBOL(bio_integrity_alloc);
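Review bot: The new test at the `err:` label, `!bs || !mempool_initialized(&bs->bio_integrity_pool)`, has to mirror whatever condition the allocation path used to pick kmalloc over mempool_alloc, and that condition is not part of this hunk, so nothing here shows the two agree or keeps them in step if one changes later. The commit message should name the path that reaches `err:` with a kmalloc'ed `bip`; the reply in this thread says `err` is reached with `bs` valid, and if that is the only way in, the added `kfree(bip)` branch never runs. Recording at allocation time which allocator produced `bip` and branching on that at `err:` would avoid duplicating the check. The message also says mempool_alloc is used to release the memory, while the removed line is `mempool_free(bip, &bs->bio_integrity_pool);`.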
The function kmalloc rather than mempool_alloc is called to allocate memory when the memory pool is unavailable. However, mempool_alloc is used to release the memory chunk in both cases when an error occurs. This patch fixes the bug. Fixes: 9f060e2231c ("block: Convert integrity to bvec_alloc_bs()") Signed-off-by: Pan Bian <bianpan2016@163.com> Cc: stable@vger.kernel.org --- V2: add Fixes and CC tags --- block/bio-integrity.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)