| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALs4sv3STBARmMOZiBSXHtFkXd3E_hJwjWJ0x8zJ1_cYYw=ioA@mail.gmail.com>
Date: Thu, 22 Jan 2026 15:14:08 +0530
From: Pavan Chebbi <pavan.chebbi@...adcom.com>
To: Zilin Guan <zilin@....edu.cn>
Cc: michael.chan@...adcom.com, andrew+netdev@...n.ch, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org, jianhao.xu@....edu.cn
Subject: Re: [PATCH net] bnxt_en: Fix memory leak in bnxt_alloc_mem()
On Thu, Jan 22, 2026 at 2:56 PM Zilin Guan <zilin@....edu.cn> wrote:
>
> In bnxt_alloc_mem(), the function allocates memory for bp->bnapi,
> bp->rx_ring, bp->tx_ring, and bp->tx_ring_map.
>
> However, if the allocation for rx_ring, tx_ring, or tx_ring_map fails, the
> function currently returns -ENOMEM directly without freeing the previously
> allocated memory. This leads to a memory leak.
>
> Fix this by jumping to the alloc_mem_err label when allocation fails,
> which ensures that bnxt_free_mem() is called to properly release all
> allocated resources.
This fix is not needed. The memory is freed by the caller of bnxt_alloc_mem().
>
> Compile tested only. Issue found using a prototype static analysis tool
> and code review.
>
> Fixes: a960dec98861 ("bnxt_en: Add tx ring mapping logic.")
> Fixes: b6ab4b01f53b ("bnxt_en: Separate bnxt_{rx|tx}_ring_info structs from bnxt_napi struct.")
> Signed-off-by: Zilin Guan <zilin@....edu.cn>
> ---
> drivers/net/ethernet/broadcom/bnxt/bnxt.c | 18 ++++++++++++------
> 1 file changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
> index 8419d1eb4035..99dae75146b5 100644
> --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
> +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
> @@ -5491,8 +5491,10 @@ static int bnxt_alloc_mem(struct bnxt *bp, bool irq_re_init)
> bp->rx_ring = kcalloc(bp->rx_nr_rings,
> sizeof(struct bnxt_rx_ring_info),
> GFP_KERNEL);
> - if (!bp->rx_ring)
> - return -ENOMEM;
> + if (!bp->rx_ring) {
> + rc = -ENOMEM;
> + goto alloc_mem_err;
> + }
>
> for (i = 0; i < bp->rx_nr_rings; i++) {
> struct bnxt_rx_ring_info *rxr = &bp->rx_ring[i];
> @@ -5512,14 +5514,18 @@ static int bnxt_alloc_mem(struct bnxt *bp, bool irq_re_init)
> bp->tx_ring = kcalloc(bp->tx_nr_rings,
> sizeof(struct bnxt_tx_ring_info),
> GFP_KERNEL);
> - if (!bp->tx_ring)
> - return -ENOMEM;
> + if (!bp->tx_ring) {
> + rc = -ENOMEM;
> + goto alloc_mem_err;
> + }
>
> bp->tx_ring_map = kcalloc(bp->tx_nr_rings, sizeof(u16),
> GFP_KERNEL);
>
> - if (!bp->tx_ring_map)
> - return -ENOMEM;
> + if (!bp->tx_ring_map) {
> + rc = -ENOMEM;
> + goto alloc_mem_err;
> + }
>
> if (bp->flags & BNXT_FLAG_SHARED_RINGS)
> j = 0;
> --
> 2.34.1
>
Download attachment "smime.p7s" of type "application/pkcs7-signature" (5469 bytes)
Powered by blists - more mailing lists