On Thu, 2014-08-21 at 09:56 -0700, Dan Williams wrote: > Apologies for the long delay on this, I've been distracted from > dmaengine for quite a while... > > On Thu, Jun 26, 2014 at 7:56 AM, Andy Shevchenko > <andriy.shevchenko@xxxxxxxxxxxxxxx> wrote: > > When we fail to allocate memory for thread->srcs or thread->dsts and src_cnt or > > dst_cnt great than 1 we leak memory on error path. This patch fixes the issue. > > > > Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> > > --- > > Since v2: > > - properly testing when noverify is unset (my bad I didn't do that previously) > > drivers/dma/dmatest.c | 19 ++++++++++--------- > > 1 file changed, 10 insertions(+), 9 deletions(-) > > > > diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c > > index 740013d..aa0ac14 100644 > > --- a/drivers/dma/dmatest.c > > +++ b/drivers/dma/dmatest.c > > @@ -441,7 +441,7 @@ static int dmatest_func(void *data) > > src_cnt = min_odd(params->pq_sources | 1, dma_maxpq(dev, 0)); > > dst_cnt = 2; > > > > - pq_coefs = kmalloc(params->pq_sources+1, GFP_KERNEL); > > + pq_coefs = kmalloc(params->pq_sources + 1, GFP_KERNEL); > > if (!pq_coefs) > > goto err_thread_type; > > > > @@ -450,7 +450,7 @@ static int dmatest_func(void *data) > > } else > > goto err_thread_type; > > > > - thread->srcs = kcalloc(src_cnt+1, sizeof(u8 *), GFP_KERNEL); > > + thread->srcs = kcalloc(src_cnt + 1, sizeof(u8 *), GFP_KERNEL); > > I'd still prefer to not see these whitespace changes in this patch, > checkpatch doesn't care. It's minor, no problem with that. > > > if (!thread->srcs) > > goto err_srcs; > > for (i = 0; i < src_cnt; i++) { > > @@ -458,9 +458,8 @@ static int dmatest_func(void *data) > > if (!thread->srcs[i]) > > goto err_srcbuf; > > } > > - thread->srcs[i] = NULL; > > Hmm, yes, this is already taken care of by the side effect of > kcalloc() zeroing all entries, but I like how it makes it explicit > that the last value in the array has special meaning. Leaving > unnecessary changes out of "fix" patches also makes them easier to > backport to older kernels (less opportunities for collisions). I got it. > > > > > - thread->dsts = kcalloc(dst_cnt+1, sizeof(u8 *), GFP_KERNEL); > > + thread->dsts = kcalloc(dst_cnt + 1, sizeof(u8 *), GFP_KERNEL); > > if (!thread->dsts) > > goto err_dsts; > > for (i = 0; i < dst_cnt; i++) { > > @@ -468,7 +467,6 @@ static int dmatest_func(void *data) > > if (!thread->dsts[i]) > > goto err_dstbuf; > > } > > - thread->dsts[i] = NULL; > > Same comment here, dma_init_dsts() looks for a NULL entry as the > termination sentinel which is not obvious... also, I suspect this is > the reason v1 and v2 accidentally deleted the +1 when allocating > "dsts" and "srcs" > > > > > set_user_nice(current, 10); > > > > @@ -751,14 +749,17 @@ static int dmatest_func(void *data) > > runtime = ktime_us_delta(ktime_get(), ktime); > > > > ret = 0; > > - for (i = 0; thread->dsts[i]; i++) > > - kfree(thread->dsts[i]); > > + > > + i = dst_cnt + 1; > > err_dstbuf: > > + while (--i >= 0) > > + kfree(thread->dsts[i]); > > What was wrong with old method of looping until we find a NULL entry? > Mirrors the init case and no need to initialize i, in fact > initializing i to dst_cnt+1 means we needlessly call kfree() on a > known NULL pointer. Actually nothing wrong with the method. Summarize all comments together the patch degenerate into moving of two labels. Right? > > > kfree(thread->dsts); > > err_dsts: > > - for (i = 0; thread->srcs[i]; i++) > > - kfree(thread->srcs[i]); > > + i = src_cnt + 1; > > err_srcbuf: > > + while (--i >= 0) > > + kfree(thread->srcs[i]); > > Same comment. -- Andy Shevchenko <andriy.shevchenko@xxxxxxxxx> Intel Finland Oy -- To unsubscribe from this list: send the line "unsubscribe dmaengine" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html