infiniband: hfi1: fix memory leaks [Linux 4.19.72]

This Linux kernel change "infiniband: hfi1: fix memory leaks" is included in the Linux 4.19.72 release. This change is authored by Wenwen Wang <wenwen [at] cs.uga.edu> on Sun Aug 18 13:54:46 2019 -0500. The commit for this change in Linux stable tree is 08c2052 (patch) which is from upstream commit 2323d7b. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream 2323d7b.

infiniband: hfi1: fix memory leaks

[ Upstream commit 2323d7baab2b18d87d9bc267452e387aa9f0060a ]

In fault_opcodes_write(), 'data' is allocated through kcalloc(). However,
it is not deallocated in the following execution if an error occurs,
leading to memory leaks. To fix this issue, introduce the 'free_data' label
to free 'data' before returning the error.

Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Acked-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Link: https://lore.kernel.org/r/1566154486-3713-1-git-send-email-wenwen@cs.uga.edu
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

There are 9 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 drivers/infiniband/hw/hfi1/fault.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/infiniband/hw/hfi1/fault.c b/drivers/infiniband/hw/hfi1/fault.c
index 72ca0dc..5bc811b 100644
--- a/drivers/infiniband/hw/hfi1/fault.c
+++ b/drivers/infiniband/hw/hfi1/fault.c
@@ -141,12 +141,14 @@ static ssize_t fault_opcodes_write(struct file *file, const char __user *buf,
    if (!data)
        return -ENOMEM;
    copy = min(len, datalen - 1);
-   if (copy_from_user(data, buf, copy))
-       return -EFAULT;
+   if (copy_from_user(data, buf, copy)) {
+       ret = -EFAULT;
+       goto free_data;
+   }

    ret = debugfs_file_get(file->f_path.dentry);
    if (unlikely(ret))
-       return ret;
+       goto free_data;
    ptr = data;
    token = ptr;
    for (ptr = data; *ptr; ptr = end + 1, token = ptr) {
@@ -195,6 +197,7 @@ static ssize_t fault_opcodes_write(struct file *file, const char __user *buf,
    ret = len;

    debugfs_file_put(file->f_path.dentry);
+free_data:
    kfree(data);
    return ret;
 }

Leave a Reply

Your email address will not be published. Required fields are marked *