Message ID | 1464617879-19581-2-git-send-email-vkuznets@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Delegated to: | Bjorn Helgaas |
Headers | show |
> -----Original Message----- > From: Vitaly Kuznetsov [mailto:vkuznets@redhat.com] > Sent: Monday, May 30, 2016 7:18 AM > To: linux-pci@vger.kernel.org > Cc: linux-kernel@vger.kernel.org; devel@linuxdriverproject.org; Bjorn > Helgaas <bhelgaas@google.com>; Haiyang Zhang > <haiyangz@microsoft.com>; KY Srinivasan <kys@microsoft.com>; Jake > Oshins <jakeo@microsoft.com> > Subject: [PATCH 1/2] PCI: hv: don't leak buffer in hv_pci_onchannelcallback() > > We don't free buffer on several code paths in hv_pci_onchannelcallback(), > put kfree() to the end of the function to fix the issue. Direct { kfree(); > return; } can now be replaced with a simple 'break'; > > Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Acked-by: Jake Oshins <jakeo@microsoft.com> > --- > drivers/pci/host/pci-hyperv.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c > index 7e9b2de..a68ec49 100644 > --- a/drivers/pci/host/pci-hyperv.c > +++ b/drivers/pci/host/pci-hyperv.c > @@ -1661,10 +1661,8 @@ static void hv_pci_onchannelcallback(void > *context) > * All incoming packets must be at least as large as a > * response. > */ > - if (bytes_recvd <= sizeof(struct pci_response)) { > - kfree(buffer); > - return; > - } > + if (bytes_recvd <= sizeof(struct pci_response)) > + break; > desc = (struct vmpacket_descriptor *)buffer; > > switch (desc->type) { > @@ -1679,8 +1677,7 @@ static void hv_pci_onchannelcallback(void > *context) > comp_packet->completion_func(comp_packet- > >compl_ctxt, > response, > bytes_recvd); > - kfree(buffer); > - return; > + break; > > case VM_PKT_DATA_INBAND: > > @@ -1729,6 +1726,8 @@ static void hv_pci_onchannelcallback(void > *context) > } > break; > } > + > + kfree(buffer); > } > > /** > -- > 2.5.5 This is a good fix. Thanks. -- Jake Oshins -- To unsubscribe from this list: send the line "unsubscribe linux-pci" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c index 7e9b2de..a68ec49 100644 --- a/drivers/pci/host/pci-hyperv.c +++ b/drivers/pci/host/pci-hyperv.c @@ -1661,10 +1661,8 @@ static void hv_pci_onchannelcallback(void *context) * All incoming packets must be at least as large as a * response. */ - if (bytes_recvd <= sizeof(struct pci_response)) { - kfree(buffer); - return; - } + if (bytes_recvd <= sizeof(struct pci_response)) + break; desc = (struct vmpacket_descriptor *)buffer; switch (desc->type) { @@ -1679,8 +1677,7 @@ static void hv_pci_onchannelcallback(void *context) comp_packet->completion_func(comp_packet->compl_ctxt, response, bytes_recvd); - kfree(buffer); - return; + break; case VM_PKT_DATA_INBAND: @@ -1729,6 +1726,8 @@ static void hv_pci_onchannelcallback(void *context) } break; } + + kfree(buffer); } /**
We don't free buffer on several code paths in hv_pci_onchannelcallback(), put kfree() to the end of the function to fix the issue. Direct { kfree(); return; } can now be replaced with a simple 'break'; Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> --- drivers/pci/host/pci-hyperv.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)