lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAH-L+nOZ98nyRzifRfrrxD4AVYrVrsz+tzeQcB3f_QD3sbQ=cQ@mail.gmail.com>
Date: Mon, 28 Oct 2024 13:57:23 +0530
From: Kalesh Anakkur Purayil <kalesh-anakkur.purayil@...adcom.com>
To: Christophe JAILLET <christophe.jaillet@...adoo.fr>
Cc: Selvin Xavier <selvin.xavier@...adcom.com>, Jason Gunthorpe <jgg@...pe.ca>, 
	Leon Romanovsky <leon@...nel.org>, linux-kernel@...r.kernel.org, 
	kernel-janitors@...r.kernel.org, linux-rdma@...r.kernel.org
Subject: Re: [PATCH 1/2] RDMA/bnxt_re: Fix some error handling paths in bnxt_re_probe()

Hi Christophe,

Thank you for the patch. Please see my response below.

On Sat, Oct 26, 2024 at 1:39 PM Christophe JAILLET
<christophe.jaillet@...adoo.fr> wrote:
>
> If bnxt_re_add_device() fails, 'en_info' still needs to be freed. This is
> done in bnxt_re_remove() with the needed locking.
>
> The commit in Fixes: in-correctly removed this call, certainly because it
> was expecting the .remove() function was called anyway. But if the probe
> fails, the remove function is not called.
>
> To fix this memory leak, partly revert this patch and restore the explicit
> call to the remove function in the error handling path of the probe.
>
> Fixes: a5e099e0c464 ("RDMA/bnxt_re: Fix an error path in bnxt_re_add_device")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
> ---
> Compile tested only
>
>
> Another solution, maybe more elegant, would be only call kfree() in the
> error handling path. In fact locking and the other stuff in the remove
> look useless in this specific case.
> ---
>  drivers/infiniband/hw/bnxt_re/main.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/drivers/infiniband/hw/bnxt_re/main.c b/drivers/infiniband/hw/bnxt_re/main.c
> index 6715c96a3eee..d183e293ec96 100644
> --- a/drivers/infiniband/hw/bnxt_re/main.c
> +++ b/drivers/infiniband/hw/bnxt_re/main.c
> @@ -2025,7 +2025,15 @@ static int bnxt_re_probe(struct auxiliary_device *adev,
>         auxiliary_set_drvdata(adev, en_info);
>
>         rc = bnxt_re_add_device(adev, BNXT_RE_COMPLETE_INIT);
> +       if (rc)
[Kalesh] As you suggested, how about a small change to free en_info
here? You do not have to invoke bnxt_re_remove() in the error path
here.
> +               goto err;
>         mutex_unlock(&bnxt_re_mutex);
> +       return 0;
> +
> +err:
> +       mutex_unlock(&bnxt_re_mutex);
> +       bnxt_re_remove(adev);
> +
>         return rc;
>  }
>
> --
> 2.47.0
>


-- 
Regards,
Kalesh A P

Download attachment "smime.p7s" of type "application/pkcs7-signature" (4239 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ