On Sun 2019-09-08 13:41:51, Greg Kroah-Hartman wrote:
> [ Upstream commit c554336efa9bbc28d6ec14efbee3c7d63c61a34f ]
>
> In blocked_fl_write(), 't' is not deallocated if bitmap_parse_user() fails,
> leading to a memory leak bug. To fix this issue, free t before returning
> the error.
The code is quite strange ... it seems to use kvfree when free would
be enough. Is that worth fixing? blocked_fl_read() seems to have same
problem.
Best regards,
Pavel
> Signed-off-by: Wenwen Wang <wenwen@xxxxxxxxxx>
> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> ---
> drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c
> index 0f72f9c4ec74c..b429b726b987b 100644
> --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c
> +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c
> @@ -3276,8 +3276,10 @@ static ssize_t blocked_fl_write(struct file *filp, const char __user *ubuf,
> return -ENOMEM;
>
> err = bitmap_parse_user(ubuf, count, t, adap->sge.egr_sz);
> - if (err)
> + if (err) {
> + kvfree(t);
> return err;
> + }
>
> bitmap_copy(adap->sge.blocked_fl, t, adap->sge.egr_sz);
> kvfree(t);
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature
