Re: [PATCH -next] virtio: fix possible memory leak in virtqueue_add()

From: Michael S. Tsirkin
Date: Tue Aug 02 2016 - 10:05:12 EST


On Tue, Aug 02, 2016 at 01:59:05PM +0000, Wei Yongjun wrote:
> desc may be malloced in virtqueue_add() and should be freed before
> leaving from the error handling cases, otherwise it will cause a
> memory leak.
>
> Signed-off-by: Wei Yongjun <weiyj.lk@xxxxxxxxx>
> ---
> drivers/virtio/virtio_ring.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
> index 114a0c8..bda71ef 100644
> --- a/drivers/virtio/virtio_ring.c
> +++ b/drivers/virtio/virtio_ring.c
> @@ -328,6 +328,7 @@ static inline int virtqueue_add(struct virtqueue *_vq,
> if (out_sgs)
> vq->notify(&vq->vq);
> END_USE(vq);
> + kfree(desc);

I think only if indirect is true, otherwise you will free
vq->vring.desc.

> return -ENOSPC;
> }
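
Review bot: the kfree(desc) added before `return -ENOSPC;` is unconditional, yet the commit message itself says desc only "may" be allocated in virtqueue_add(). As the reply above points out, when indirect is not true this would free vq->vring.desc, so the leak fix would free memory this error path does not own. Make the free conditional on the indirect case, for example `if (indirect) kfree(desc);`, so only the descriptor table allocated in this function is released on the error path.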