[PATCH 4.19 13/84] iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init

From: Greg Kroah-Hartman
Date: Thu Jan 16 2020 - 18:39:54 EST

Next message: Borislav Petkov: "Re: [PATCH v9 1/2] dt-bindings: edac: arm-dmc520.txt"
Previous message: Rafael J. Wysocki: "Re: linux-next: build failure after merge of the kunit-next tree"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 18/84] RDMA/bnxt_re: Avoid freeing MR resources if dereg fails"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 11/84] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Navid Emamdoost <navid.emamdoost@xxxxxxxxx>

commit 0f4f199443faca715523b0659aa536251d8b978f upstream.

In iwl_pcie_ctxt_info_gen3_init there are cases that the allocated dma
memory is leaked in case of error.

DMA memories prph_scratch, prph_info, and ctxt_info_gen3 are allocated
and initialized to be later assigned to trans_pcie. But in any error case
before such assignment the allocated memories should be released.

First of such error cases happens when iwl_pcie_init_fw_sec fails.
Current implementation correctly releases prph_scratch. But in two
sunsequent error cases where dma_alloc_coherent may fail, such
releases are missing.

This commit adds release for prph_scratch when allocation for
prph_info fails, and adds releases for prph_scratch and prph_info when
allocation for ctxt_info_gen3 fails.

Fixes: 2ee824026288 ("iwlwifi: pcie: support context information for 22560 devices")
Signed-off-by: Navid Emamdoost <navid.emamdoost@xxxxxxxxx>
Signed-off-by: Luca Coelho <luciano.coelho@xxxxxxxxx>
Signed-off-by: Ben Hutchings <ben.hutchings@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c | 36 ++++++++++-----
1 file changed, 25 insertions(+), 11 deletions(-)

--- a/drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c
@@ -102,13 +102,9 @@ int iwl_pcie_ctxt_info_gen3_init(struct

/* allocate ucode sections in dram and set addresses */
ret = iwl_pcie_init_fw_sec(trans, fw, &prph_scratch->dram);
- if (ret) {
- dma_free_coherent(trans->dev,
- sizeof(*prph_scratch),
- prph_scratch,
- trans_pcie->prph_scratch_dma_addr);
- return ret;
- }
+ if (ret)
+ goto err_free_prph_scratch;
+

/* Allocate prph information
* currently we don't assign to the prph info anything, but it would get
@@ -116,16 +112,20 @@ int iwl_pcie_ctxt_info_gen3_init(struct
prph_info = dma_alloc_coherent(trans->dev, sizeof(*prph_info),
&trans_pcie->prph_info_dma_addr,
GFP_KERNEL);
- if (!prph_info)
- return -ENOMEM;
+ if (!prph_info) {
+ ret = -ENOMEM;
+ goto err_free_prph_scratch;
+ }

/* Allocate context info */
ctxt_info_gen3 = dma_alloc_coherent(trans->dev,
sizeof(*ctxt_info_gen3),
&trans_pcie->ctxt_info_dma_addr,
GFP_KERNEL);
- if (!ctxt_info_gen3)
- return -ENOMEM;
+ if (!ctxt_info_gen3) {
+ ret = -ENOMEM;
+ goto err_free_prph_info;
+ }

ctxt_info_gen3->prph_info_base_addr =
cpu_to_le64(trans_pcie->prph_info_dma_addr);
@@ -176,6 +176,20 @@ int iwl_pcie_ctxt_info_gen3_init(struct
iwl_set_bit(trans, CSR_GP_CNTRL, CSR_AUTO_FUNC_INIT);

return 0;
+
+err_free_prph_info:
+ dma_free_coherent(trans->dev,
+ sizeof(*prph_info),
+ prph_info,
+ trans_pcie->prph_info_dma_addr);
+
+err_free_prph_scratch:
+ dma_free_coherent(trans->dev,
+ sizeof(*prph_scratch),
+ prph_scratch,
+ trans_pcie->prph_scratch_dma_addr);
+ return ret;
+
}

void iwl_pcie_ctxt_info_gen3_free(struct iwl_trans *trans)

Next message: Borislav Petkov: "Re: [PATCH v9 1/2] dt-bindings: edac: arm-dmc520.txt"
Previous message: Rafael J. Wysocki: "Re: linux-next: build failure after merge of the kunit-next tree"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 18/84] RDMA/bnxt_re: Avoid freeing MR resources if dereg fails"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 11/84] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]