| Message ID | 1565813771-8967-1-git-send-email-wenwen@cs.uga.edu |
|---|---|
| State | Rejected |
| Delegated to: | David Miller |
| Headers | show |
| Series | hv_netvsc: Fix a memory leak bug | expand |
> -----Original Message----- > From: Wenwen Wang <wenwen@cs.uga.edu> > Sent: Wednesday, August 14, 2019 4:16 PM > To: Wenwen Wang <wenwen@cs.uga.edu> > Cc: KY Srinivasan <kys@microsoft.com>; Haiyang Zhang > <haiyangz@microsoft.com>; Stephen Hemminger > <sthemmin@microsoft.com>; Sasha Levin <sashal@kernel.org>; David S. > Miller <davem@davemloft.net>; open list:Hyper-V CORE AND DRIVERS > <linux-hyperv@vger.kernel.org>; open list:NETWORKING DRIVERS > <netdev@vger.kernel.org>; open list <linux-kernel@vger.kernel.org> > Subject: [PATCH] hv_netvsc: Fix a memory leak bug > > In rndis_filter_device_add(), 'rndis_device' is allocated through kzalloc() > by invoking get_rndis_device(). In the following execution, if an error > occurs, the execution will go to the 'err_dev_remv' label. However, the > allocated 'rndis_device' is not deallocated, leading to a memory leak bug. > > Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> > --- > drivers/net/hyperv/rndis_filter.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/net/hyperv/rndis_filter.c > b/drivers/net/hyperv/rndis_filter.c > index 317dbe9..ed35085 100644 > --- a/drivers/net/hyperv/rndis_filter.c > +++ b/drivers/net/hyperv/rndis_filter.c > @@ -1420,6 +1420,7 @@ struct netvsc_device > *rndis_filter_device_add(struct hv_device *dev, > > err_dev_remv: > rndis_filter_device_remove(dev, net_device); > + kfree(rndis_device); The kfree() is not necessary here. Because it is already freed by -- rndis_filter_device_remove() --> netvsc_device_remove() --> free_netvsc_device_rcu() --> free_netvsc_device() --> kfree(nvdev->extension); //This frees rndis_device. Thanks, - Haiyang
On Wed, 14 Aug 2019 15:16:11 -0500 Wenwen Wang <wenwen@cs.uga.edu> wrote: > In rndis_filter_device_add(), 'rndis_device' is allocated through kzalloc() > by invoking get_rndis_device(). In the following execution, if an error > occurs, the execution will go to the 'err_dev_remv' label. However, the > allocated 'rndis_device' is not deallocated, leading to a memory leak bug. > > Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> > --- > drivers/net/hyperv/rndis_filter.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c > index 317dbe9..ed35085 100644 > --- a/drivers/net/hyperv/rndis_filter.c > +++ b/drivers/net/hyperv/rndis_filter.c > @@ -1420,6 +1420,7 @@ struct netvsc_device *rndis_filter_device_add(struct hv_device *dev, > > err_dev_remv: > rndis_filter_device_remove(dev, net_device); > + kfree(rndis_device); > return ERR_PTR(ret); > } > The rndis_device is already freed by: rndis_filter_device_remove netvsc_device_remove free_netvsc_device_rcu free_netvsc_device called by rcu static void free_netvsc_device(struct rcu_head *head) { struct netvsc_device *nvdev = container_of(head, struct netvsc_device, rcu); int i; kfree(nvdev->extension); << here
diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c index 317dbe9..ed35085 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c @@ -1420,6 +1420,7 @@ struct netvsc_device *rndis_filter_device_add(struct hv_device *dev, err_dev_remv: rndis_filter_device_remove(dev, net_device); + kfree(rndis_device); return ERR_PTR(ret); }
In rndis_filter_device_add(), 'rndis_device' is allocated through kzalloc() by invoking get_rndis_device(). In the following execution, if an error occurs, the execution will go to the 'err_dev_remv' label. However, the allocated 'rndis_device' is not deallocated, leading to a memory leak bug. Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> --- drivers/net/hyperv/rndis_filter.c | 1 + 1 file changed, 1 insertion(+)