Re: [PATCH] virtio_ring: Fix potential mem leak in virtqueue_add_indirect_packed

From: Jason Wang
Date: Tue Mar 12 2019 - 04:01:12 EST

Next message: Kangjie Lu: "[PATCH] net: cw1200: fix a NULL pointer dereference"
Previous message: Jani Nikula: "Re: INFO: rcu detected stall in sys_sendfile64 (2)"
In reply to: Yue Haibing: "[PATCH] virtio_ring: Fix potential mem leak in virtqueue_add_indirect_packed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2019/3/12 äå3:06, Yue Haibing wrote:

From: YueHaibing <yuehaibing@xxxxxxxxxx>

'desc' should be freed before leaving from err handing path.

Fixes: 1ce9e6055fa0 ("virtio_ring: introduce packed ring support")
Signed-off-by: YueHaibing <yuehaibing@xxxxxxxxxx>
---
drivers/virtio/virtio_ring.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index a0b07c3..9d95d9c 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -991,6 +991,7 @@ static int virtqueue_add_indirect_packed(struct vring_virtqueue *vq,
if (unlikely(vq->vq.num_free < 1)) {
pr_debug("Can't add buf len 1 - avail = 0\n");
+ kfree(desc);
END_USE(vq);
return -ENOSPC;
}

Or you can move the check before the allocation.

Acked-by: Jason Wang <jasowang@xxxxxxxxxx>

Please cc stable next time.

Thanks

Next message: Kangjie Lu: "[PATCH] net: cw1200: fix a NULL pointer dereference"
Previous message: Jani Nikula: "Re: INFO: rcu detected stall in sys_sendfile64 (2)"
In reply to: Yue Haibing: "[PATCH] virtio_ring: Fix potential mem leak in virtqueue_add_indirect_packed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]