| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c4b907aa-726b-4d44-b485-d24c7790c73c@intel.com>
Date: Fri, 26 Sep 2025 10:24:34 -0700
From: Dave Jiang <dave.jiang@...el.com>
To: Pavan Chebbi <pavan.chebbi@...adcom.com>
Cc: jgg@...pe.ca, michael.chan@...adcom.com, saeedm@...dia.com,
Jonathan.Cameron@...wei.com, davem@...emloft.net, corbet@....net,
edumazet@...gle.com, gospo@...adcom.com, kuba@...nel.org,
netdev@...r.kernel.org, pabeni@...hat.com, andrew+netdev@...n.ch,
selvin.xavier@...adcom.com, leon@...nel.org,
kalesh-anakkur.purayil@...adcom.com
Subject: Re: [PATCH net-next v3 4/5] bnxt_fwctl: Add bnxt fwctl device
On 9/26/25 10:11 AM, Pavan Chebbi wrote:
> On Fri, Sep 26, 2025 at 9:31 PM Dave Jiang <dave.jiang@...el.com> wrote:
>>
>>
>>
>
>>> + if (msg->num_dma) {
>>> + if (msg->num_dma > MAX_NUM_DMA_INDICATIONS) {
>>> + dev_err(dev, "DMA buffers exceed the number supported\n");
>>> + err = -EINVAL;
>>> + goto free_msg_out;
>>
>> Shouldn't rpc_in.resp get freed with an error returned? It's leaking rpc_in.resp on all the error paths from this point onward.
>>
>> DJ
>
> Isn't the caller taking care of it? The fw_rpc is called as:
> void *outbuf __free(kvfree) = fwctl->ops->fw_rpc()
> I was expecting that outbuf will be freed once it goes out of scope,
> regardless of success or error?
Not exactly. Because when the function errors, it is returning ERR_PTR(rc) rather than rpc_in.resp. So the caller can't really free it because it doesn't have the pointer to the buffer. And even for the sake of argument lets say it works that way, it's best practice to clean up in the function on error paths rather than expecting the caller to do it for you.
Powered by blists - more mailing lists