On Sun, May 09, 2021 at 09:13:03AM +0200, Christophe JAILLET wrote:
> If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be
> updated and 'hv_uio_cleanup()' in the error handling path will not be
> able to free the corresponding buffer.
>
> In such a case, we need to free the buffer explicitly.
>
> Fixes: cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first use")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
> ---
> Before commit cdfa835c6e5e, the 'vfree' were done unconditionally
> in 'hv_uio_cleanup()'.
> So, another way for fixing the potential leak is to modify
> 'hv_uio_cleanup()' and revert to the previous behavior.
>
I think this is cleaner.
Stephen, you authored cdfa835c6e5e. What do you think?
Christophe, OOI how did you discover these issues?
> I don't know the underlying reason for this change so I don't know which is
> the best way to fix this error handling path. Unless there is a specific
> reason, changing 'hv_uio_cleanup()' could be better because it would keep
> the error handling path of the probe cleaner, IMHO.
> ---
> drivers/uio/uio_hv_generic.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c
> index 0330ba99730e..eebc399f2cc7 100644
> --- a/drivers/uio/uio_hv_generic.c
> +++ b/drivers/uio/uio_hv_generic.c
> @@ -296,8 +296,10 @@ hv_uio_probe(struct hv_device *dev,
>
> ret = vmbus_establish_gpadl(channel, pdata->recv_buf,
> RECV_BUFFER_SIZE, &pdata->recv_gpadl);
> - if (ret)
> + if (ret) {
> + vfree(pdata->recv_buf);
> goto fail_close;
> + }
>
> /* put Global Physical Address Label in name */
> snprintf(pdata->recv_name, sizeof(pdata->recv_name),
> @@ -316,8 +318,10 @@ hv_uio_probe(struct hv_device *dev,
>
> ret = vmbus_establish_gpadl(channel, pdata->send_buf,
> SEND_BUFFER_SIZE, &pdata->send_gpadl);
> - if (ret)
> + if (ret) {
> + vfree(pdata->send_buf);
> goto fail_close;
> + }
>
> snprintf(pdata->send_name, sizeof(pdata->send_name),
> "send:%u", pdata->send_gpadl);
> --
> 2.30.2
>
