| Message ID | 20180914073716.26092-1-zhenyuw@linux.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | vfio/mdev: fix missed mdev free in mdev_device_create() error path | expand |
On Fri, 14 Sep 2018 15:37:16 +0800 Zhenyu Wang <zhenyuw@linux.intel.com> wrote: > Add mdev kfree in mdev_device_create() error path which seems > to be ignored. The mdev is freed through put_device(), either directly, as in the failure path after device_register() or as part of the device_unregister() path. Please see the note above device_register(): * NOTE: _Never_ directly free @dev after calling this function, even * if it returned an error! Always use put_device() to give up the * reference initialized in this function instead. I don't see that there's a bug here presently. Thanks, Alex > Fixes: 7b96953bc640 ("vfio: Mediated device Core driver") > Cc: Alex Williamson <alex.williamson@redhat.com> > Cc: Kirti Wankhede <kwankhede@nvidia.com> > Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> > --- > drivers/vfio/mdev/mdev_core.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/vfio/mdev/mdev_core.c b/drivers/vfio/mdev/mdev_core.c > index 0212f0ee8aea..40a8f7280639 100644 > --- a/drivers/vfio/mdev/mdev_core.c > +++ b/drivers/vfio/mdev/mdev_core.c > @@ -294,7 +294,7 @@ int mdev_device_create(struct kobject *kobj, struct device *dev, uuid_le uuid) > if (!uuid_le_cmp(tmp->uuid, uuid)) { > mutex_unlock(&mdev_list_lock); > ret = -EEXIST; > - goto mdev_fail; > + goto parent_put; > } > } > > @@ -302,7 +302,7 @@ int mdev_device_create(struct kobject *kobj, struct device *dev, uuid_le uuid) > if (!mdev) { > mutex_unlock(&mdev_list_lock); > ret = -ENOMEM; > - goto mdev_fail; > + goto parent_put; > } > > memcpy(&mdev->uuid, &uuid, sizeof(uuid_le)); > @@ -342,6 +342,8 @@ int mdev_device_create(struct kobject *kobj, struct device *dev, uuid_le uuid) > create_fail: > device_unregister(&mdev->dev); > mdev_fail: > + kfree(mdev); > +parent_put: > mdev_put_parent(parent); > return ret; > }
diff --git a/drivers/vfio/mdev/mdev_core.c b/drivers/vfio/mdev/mdev_core.c index 0212f0ee8aea..40a8f7280639 100644 --- a/drivers/vfio/mdev/mdev_core.c +++ b/drivers/vfio/mdev/mdev_core.c @@ -294,7 +294,7 @@ int mdev_device_create(struct kobject *kobj, struct device *dev, uuid_le uuid) if (!uuid_le_cmp(tmp->uuid, uuid)) { mutex_unlock(&mdev_list_lock); ret = -EEXIST; - goto mdev_fail; + goto parent_put; } } @@ -302,7 +302,7 @@ int mdev_device_create(struct kobject *kobj, struct device *dev, uuid_le uuid) if (!mdev) { mutex_unlock(&mdev_list_lock); ret = -ENOMEM; - goto mdev_fail; + goto parent_put; } memcpy(&mdev->uuid, &uuid, sizeof(uuid_le)); @@ -342,6 +342,8 @@ int mdev_device_create(struct kobject *kobj, struct device *dev, uuid_le uuid) create_fail: device_unregister(&mdev->dev); mdev_fail: + kfree(mdev); +parent_put: mdev_put_parent(parent); return ret; }
Add mdev kfree in mdev_device_create() error path which seems to be ignored. Fixes: 7b96953bc640 ("vfio: Mediated device Core driver") Cc: Alex Williamson <alex.williamson@redhat.com> Cc: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> --- drivers/vfio/mdev/mdev_core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)