On Sun 2019-09-08 13:41:51, Greg Kroah-Hartman wrote: > [ Upstream commit c554336efa9bbc28d6ec14efbee3c7d63c61a34f ] > > In blocked_fl_write(), 't' is not deallocated if bitmap_parse_user() fails, > leading to a memory leak bug. To fix this issue, free t before returning > the error. The code is quite strange ... it seems to use kvfree when free would be enough. Is that worth fixing? blocked_fl_read() seems to have same problem. Best regards, Pavel > Signed-off-by: Wenwen Wang <wenwen@xxxxxxxxxx> > Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> > --- > drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c > index 0f72f9c4ec74c..b429b726b987b 100644 > --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c > +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c > @@ -3276,8 +3276,10 @@ static ssize_t blocked_fl_write(struct file *filp, const char __user *ubuf, > return -ENOMEM; > > err = bitmap_parse_user(ubuf, count, t, adap->sge.egr_sz); > - if (err) > + if (err) { > + kvfree(t); > return err; > + } > > bitmap_copy(adap->sge.blocked_fl, t, adap->sge.egr_sz); > kvfree(t); -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
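Review bot: The new error branch after bitmap_parse_user() duplicates the kvfree(t) that already follows bitmap_copy(), so blocked_fl_write() now has two places that must stay in sync to release t. A single cleanup path would be harder to get wrong: make the copy conditional, as in `if (!err) bitmap_copy(adap->sge.blocked_fl, t, adap->sge.egr_sz);`, fall through to the existing `kvfree(t);`, and return err on failure after that. The allocation of t is not visible in this hunk, so it is worth confirming that kvfree() matches the allocator used above the `return -ENOMEM;` line; if t comes from a plain kmalloc-family call, kfree() would state the intent more clearly, although kvfree() is still correct for such memory.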