| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <00b401dbadac$7b36f120$71a4d360$@trustnetic.com>
Date: Tue, 15 Apr 2025 10:17:04 +0800
From: Jiawen Wu <jiawenwu@...stnetic.com>
To: "'Abdun Nihaal'" <abdun.nihaal@...il.com>
Cc: <Markus.Elfring@....de>,
<mengyuanlou@...-swift.com>,
<andrew+netdev@...n.ch>,
<davem@...emloft.net>,
<edumazet@...gle.com>,
<kuba@...nel.org>,
<pabeni@...hat.com>,
<saikrishnag@...vell.com>,
<przemyslaw.kitszel@...el.com>,
<ecree.xilinx@...il.com>,
<netdev@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v2 net] net: ngbe: fix memory leak in ngbe_probe() error path
On Sat, Apr 12, 2025 11:49 PM, Abdun Nihaal wrote:
> When ngbe_sw_init() is called, memory is allocated for wx->rss_key
> in wx_init_rss_key(). However, in ngbe_probe() function, the subsequent
> error paths after ngbe_sw_init() don't free the rss_key. Fix that by
> freeing it in error path along with wx->mac_table.
>
> Also change the label to which execution jumps when ngbe_sw_init()
> fails, because otherwise, it could lead to a double free for rss_key,
> when the mac_table allocation fails in wx_sw_init().
>
> Fixes: 02338c484ab6 ("net: ngbe: Initialize sw info and register netdev")
> Signed-off-by: Abdun Nihaal <abdun.nihaal@...il.com>
> ---
> v1 -> v2:
> - Add fixes tag, as suggested by Markus and Jakub.
> - Also set the branch target as net instead of net-next as it is a fix
>
> v1 link: https://lore.kernel.org/all/20250409053804.47855-1-abdun.nihaal@gmail.com
>
> drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c
> index a6159214ec0a..91b3055a5a9f 100644
> --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c
> +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c
> @@ -625,7 +625,7 @@ static int ngbe_probe(struct pci_dev *pdev,
> /* setup the private structure */
> err = ngbe_sw_init(wx);
> if (err)
> - goto err_free_mac_table;
> + goto err_pci_release_regions;
>
> /* check if flash load is done after hw power up */
> err = wx_check_flash_load(wx, NGBE_SPI_ILDR_STATUS_PERST);
> @@ -719,6 +719,7 @@ static int ngbe_probe(struct pci_dev *pdev,
> err_clear_interrupt_scheme:
> wx_clear_interrupt_scheme(wx);
> err_free_mac_table:
> + kfree(wx->rss_key);
> kfree(wx->mac_table);
> err_pci_release_regions:
> pci_release_selected_regions(pdev,
> --
> 2.47.2
>
Reviewed-by: Jiawen Wu <jiawenwu@...stnetic.com>
Thanks Abdun,
I think this release bug is also present in txgbe driver.
Powered by blists - more mailing lists