[PATCH] RDMA/ucma: Fix resource leak on error path
From: Alex Dewar
Date: Wed Sep 02 2020 - 12:25:19 EST
In ucma_process_join(), if the call to xa_alloc() fails, the function
will return without freeing mc. Fix this by jumping to the correct line.
In the process I renamed the jump labels to something more memorable for
extra clarity.
Addresses-Coverity: ("Resource leak")
Fixes: 95fe51096b7a ("RDMA/ucma: Remove mc_list and rely on xarray")
Signed-off-by: Alex Dewar <alex.dewar90@xxxxxxxxx>
---
drivers/infiniband/core/ucma.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
index f2c9ef6ae481..a5595bd489b0 100644
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -1453,7 +1453,7 @@ static ssize_t ucma_process_join(struct ucma_file *file,
mc = kzalloc(sizeof(*mc), GFP_KERNEL);
if (!mc) {
ret = -ENOMEM;
- goto err1;
+ goto err_put_ctx;
}
mc->ctx = ctx;
@@ -1464,7 +1464,7 @@ static ssize_t ucma_process_join(struct ucma_file *file,
if (xa_alloc(&multicast_table, &mc->id, NULL, xa_limit_32b,
GFP_KERNEL)) {
ret = -ENOMEM;
- goto err1;
+ goto err_free_mc;
}
mutex_lock(&ctx->mutex);
@@ -1472,13 +1472,13 @@ static ssize_t ucma_process_join(struct ucma_file *file,
join_state, mc);
mutex_unlock(&ctx->mutex);
if (ret)
- goto err2;
+ goto err_xa_erase;
resp.id = mc->id;
if (copy_to_user(u64_to_user_ptr(cmd->response),
&resp, sizeof(resp))) {
ret = -EFAULT;
- goto err3;
+ goto err_leave_multicast;
}
xa_store(&multicast_table, mc->id, mc, 0);
@@ -1486,15 +1486,16 @@ static ssize_t ucma_process_join(struct ucma_file *file,
ucma_put_ctx(ctx);
return 0;
-err3:
+err_leave_multicast:
mutex_lock(&ctx->mutex);
rdma_leave_multicast(ctx->cm_id, (struct sockaddr *) &mc->addr);
mutex_unlock(&ctx->mutex);
ucma_cleanup_mc_events(mc);
-err2:
+err_xa_erase:
xa_erase(&multicast_table, mc->id);
+err_free_mc:
kfree(mc);
-err1:
+err_put_ctx:
ucma_put_ctx(ctx);
return ret;
}
--
2.28.0