On 22.11.19 23:41, Navid Emamdoost wrote: > In the implementation of __gup_benchmark_ioctl() memory is leaked if the > passed cmd is invalid. Release pages before returning -1. > > Fixes: 714a3a1ebafe ("mm/gup_benchmark.c: add additional pinning methods") > Signed-off-by: Navid Emamdoost <navid.emamdoost@xxxxxxxxx> > --- > mm/gup_benchmark.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/mm/gup_benchmark.c b/mm/gup_benchmark.c > index 7dd602d7f8db..33ede5727523 100644 > --- a/mm/gup_benchmark.c > +++ b/mm/gup_benchmark.c > @@ -23,7 +23,7 @@ static int __gup_benchmark_ioctl(unsigned int cmd, > struct gup_benchmark *gup) > { > ktime_t start_time, end_time; > - unsigned long i, nr_pages, addr, next; > + unsigned long i, j, nr_pages, addr, next; > int nr; > struct page **pages; > > @@ -63,6 +63,12 @@ static int __gup_benchmark_ioctl(unsigned int cmd, > NULL); > break; > default: > + for (j = 0; j < i; j++) { > + if (!pages[j]) > + break; > + put_page(pages[j]); > + } We didn't pin any pages, why should we release them? IMHO, all that's needed is the ... > + kvfree(pages); .. here > return -1; > } > Not sure how often CONFIG_GUP_BENCHMARK is really enabled. Maybe we should Cc: stable@xxxxxxxxxxxxxxx # v4.20+ With only the kvfree(pages) Reviewed-by: David Hildenbrand <david@xxxxxxxxxx> -- Thanks, David / dhildenb