lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20221207115537.zf2ikns77bxyt74m@skbuf>
Date:   Wed, 7 Dec 2022 13:55:37 +0200
From:   Vladimir Oltean <olteanv@...il.com>
To:     Yuan Can <yuancan@...wei.com>
Cc:     ioana.ciornei@....com, davem@...emloft.net, edumazet@...gle.com,
        kuba@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org
Subject: Re: [PATCH] dpaa2-switch: Fix memory leak in
 dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()

Hi Yuan,

On Mon, Dec 05, 2022 at 06:15:15AM +0000, Yuan Can wrote:
> The cmd_buff needs to be freed when error happened in
> dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove().
> 
> Fixes: 1110318d83e8 ("dpaa2-switch: add tc flower hardware offload on ingress traffic")
> Signed-off-by: Yuan Can <yuancan@...wei.com>
> ---
>  drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
> index cacd454ac696..c39b866e2582 100644
> --- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
> +++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
> @@ -132,6 +132,7 @@ int dpaa2_switch_acl_entry_add(struct dpaa2_switch_filter_block *filter_block,
>  						 DMA_TO_DEVICE);
>  	if (unlikely(dma_mapping_error(dev, acl_entry_cfg->key_iova))) {
>  		dev_err(dev, "DMA mapping failed\n");
> +		kfree(cmd_buff);
>  		return -EFAULT;
>  	}
>  
> @@ -142,6 +143,7 @@ int dpaa2_switch_acl_entry_add(struct dpaa2_switch_filter_block *filter_block,
>  			 DMA_TO_DEVICE);
>  	if (err) {
>  		dev_err(dev, "dpsw_acl_add_entry() failed %d\n", err);
> +		kfree(cmd_buff);

To reduce the number of kfree() calls, this last one can be put right
before checking for error, and we could remove the kfree(cmd_buff) call at
the very end. I mean that was already the intention, if you look at the
dma_unmap_single() call compared to the error checking. Like this:

	err = dpsw_acl_add_entry(...);

	dma_unmap_single(dev, acl_entry_cfg->key_iova, sizeof(cmd_buff),
			 DMA_TO_DEVICE);
	kfree(cmd_buff);

	if (err) {
		dev_err(dev, "dpsw_acl_add_entry() failed %d\n", err);
		return err;
	}

	return 0;
}

>  		return err;
>  	}
>  
> @@ -172,6 +174,7 @@ dpaa2_switch_acl_entry_remove(struct dpaa2_switch_filter_block *block,
>  						 DMA_TO_DEVICE);
>  	if (unlikely(dma_mapping_error(dev, acl_entry_cfg->key_iova))) {
>  		dev_err(dev, "DMA mapping failed\n");
> +		kfree(cmd_buff);
>  		return -EFAULT;
>  	}
>  
> @@ -182,6 +185,7 @@ dpaa2_switch_acl_entry_remove(struct dpaa2_switch_filter_block *block,
>  			 DMA_TO_DEVICE);
>  	if (err) {
>  		dev_err(dev, "dpsw_acl_remove_entry() failed %d\n", err);
> +		kfree(cmd_buff);

Similar here:

	err = dpsw_acl_remove_entry(ethsw->mc_io, 0, ethsw->dpsw_handle,
				    block->acl_id, acl_entry_cfg);

	dma_unmap_single(dev, acl_entry_cfg->key_iova, sizeof(cmd_buff),
			 DMA_TO_DEVICE);
	kfree(cmd_buff);

	if (err) {
		dev_err(dev, "dpsw_acl_remove_entry() failed %d\n", err);
		return err;
	}

	return 0;
}

>  		return err;
>  	}
>  
> -- 
> 2.17.1
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ