diff mbox series

[v2] ethernet: atheros: fix a memleak in atl1e_setup_ring_resources

Message ID 20231208082316.3384650-1-alexious@zju.edu.cn (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series [v2] ethernet: atheros: fix a memleak in atl1e_setup_ring_resources | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 1141 this patch: 1141
netdev/cc_maintainers warning 1 maintainers not CCed: sumang@marvell.com
netdev/build_clang success Errors and warnings before: 1142 this patch: 1142
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 1168 this patch: 1168
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Zhipeng Lu Dec. 8, 2023, 8:23 a.m. UTC 
In the error handling of 'offset > adapter->ring_size', the
tx_ring->tx_buffer allocated by kzalloc should be freed,
instead of 'goto failed' instantly.

Fixes: a6a5325239c2 ("atl1e: Atheros L1E Gigabit Ethernet driver")
Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>
---

Changelog:

v2: Setting tx_ring->tx_buffer to NULL after free.
---
 drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Suman Ghosh Dec. 8, 2023, 8:51 a.m. UTC | #1 
>In the error handling of 'offset > adapter->ring_size', the tx_ring-
>>tx_buffer allocated by kzalloc should be freed, instead of 'goto
>failed' instantly.
>
>Fixes: a6a5325239c2 ("atl1e: Atheros L1E Gigabit Ethernet driver")
>Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>
>---
Reviewed-by: Suman Ghosh <sumang@marvell.com>
>
>Changelog:
>
>v2: Setting tx_ring->tx_buffer to NULL after free.
Jakub Kicinski Dec. 12, 2023, 3:14 a.m. UTC | #2 
On Fri,  8 Dec 2023 16:23:14 +0800 Zhipeng Lu wrote:
> v2: Setting tx_ring->tx_buffer to NULL after free.

Having closer look at this driver  - it tries to free both on close and
remove, so seems like we do indeed have to NULL-out the pointer, sigh.

> diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
> index 5935be190b9e..1bffe77439ac 100644
> --- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
> +++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
> @@ -866,6 +866,8 @@ static int atl1e_setup_ring_resources(struct atl1e_adapter *adapter)
>  		netdev_err(adapter->netdev, "offset(%d) > ring size(%d) !!\n",
>  			   offset, adapter->ring_size);
>  		err = -1;
> +		kfree(tx_ring->tx_buffer);
> +		tx_ring->tx_buffer = NULL;
>  		goto failed;

Please add a new jump target, tho, and move the freeing there.
There's a small chance someone will add more code to this function
and it will need to copy / paste this unwind.
Zhipeng Lu Dec. 14, 2023, 1:05 p.m. UTC | #3 
> On Fri,  8 Dec 2023 16:23:14 +0800 Zhipeng Lu wrote:
> > v2: Setting tx_ring->tx_buffer to NULL after free.
> 
> Having closer look at this driver  - it tries to free both on close and
> remove, so seems like we do indeed have to NULL-out the pointer, sigh.
> 
> > diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
> > index 5935be190b9e..1bffe77439ac 100644
> > --- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
> > +++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
> > @@ -866,6 +866,8 @@ static int atl1e_setup_ring_resources(struct atl1e_adapter *adapter)
> >  		netdev_err(adapter->netdev, "offset(%d) > ring size(%d) !!\n",
> >  			   offset, adapter->ring_size);
> >  		err = -1;
> > +		kfree(tx_ring->tx_buffer);
> > +		tx_ring->tx_buffer = NULL;
> >  		goto failed;
> 
> Please add a new jump target, tho, and move the freeing there.
> There's a small chance someone will add more code to this function
> and it will need to copy / paste this unwind.
> -- 

Thank you for your advice, I've send a v3 version of this patch.
diff mbox series

Patch

diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
index 5935be190b9e..1bffe77439ac 100644
--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
@@ -866,6 +866,8 @@  static int atl1e_setup_ring_resources(struct atl1e_adapter *adapter)
 		netdev_err(adapter->netdev, "offset(%d) > ring size(%d) !!\n",
 			   offset, adapter->ring_size);
 		err = -1;
+		kfree(tx_ring->tx_buffer);
+		tx_ring->tx_buffer = NULL;
 		goto failed;
 	}