> -----Original Message----- > From: Vitaly Kuznetsov [mailto:vkuznets@xxxxxxxxxx] > Sent: Monday, May 30, 2016 7:18 AM > To: linux-pci@xxxxxxxxxxxxxxx > Cc: linux-kernel@xxxxxxxxxxxxxxx; devel@xxxxxxxxxxxxxxxxxxxxxx; Bjorn > Helgaas <bhelgaas@xxxxxxxxxx>; Haiyang Zhang > <haiyangz@xxxxxxxxxxxxx>; KY Srinivasan <kys@xxxxxxxxxxxxx>; Jake > Oshins <jakeo@xxxxxxxxxxxxx> > Subject: [PATCH 1/2] PCI: hv: don't leak buffer in hv_pci_onchannelcallback() > > We don't free buffer on several code paths in hv_pci_onchannelcallback(), > put kfree() to the end of the function to fix the issue. Direct { kfree(); > return; } can now be replaced with a simple 'break'; > > Signed-off-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> Acked-by: Jake Oshins <jakeo@xxxxxxxxxxxxx> > --- > drivers/pci/host/pci-hyperv.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c > index 7e9b2de..a68ec49 100644 > --- a/drivers/pci/host/pci-hyperv.c > +++ b/drivers/pci/host/pci-hyperv.c > @@ -1661,10 +1661,8 @@ static void hv_pci_onchannelcallback(void > *context) > * All incoming packets must be at least as large as a > * response. > */ > - if (bytes_recvd <= sizeof(struct pci_response)) { > - kfree(buffer); > - return; > - } > + if (bytes_recvd <= sizeof(struct pci_response)) > + break; > desc = (struct vmpacket_descriptor *)buffer; > > switch (desc->type) { > @@ -1679,8 +1677,7 @@ static void hv_pci_onchannelcallback(void > *context) > comp_packet->completion_func(comp_packet- > >compl_ctxt, > response, > bytes_recvd); > - kfree(buffer); > - return; > + break; > > case VM_PKT_DATA_INBAND: > > @@ -1729,6 +1726,8 @@ static void hv_pci_onchannelcallback(void > *context) > } > break; > } > + > + kfree(buffer); > } > > /** > -- > 2.5.5 This is a good fix. Thanks. -- Jake Oshins _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
