Re: Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
> On 1/3/21 2:22 PM, dinghao@zju.edu.cn wrote:
> >> On 2021/1/3 12:08, dinghao@zju.edu.cn wrote:
> Hi,
>
> On 2021/1/2 17:50, Dinghao Liu wrote:
> > When irq_domain_get_irq_data() or irqd_cfg() fails
> > meanwhile i == 0, data allocated by kzalloc() has not
> > been freed before returning, which leads to memleak.
> >
> > Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to
> > support hierarchical irqdomains")
> > Signed-off-by: Dinghao Liu
> > ---
> > drivers/iommu/intel/irq_remapping.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/iommu/intel/irq_remapping.c
> > b/drivers/iommu/intel/irq_remapping.c
> > index aeffda92b10b..cdaeed36750f 100644
> > --- a/drivers/iommu/intel/irq_remapping.c
> > +++ b/drivers/iommu/intel/irq_remapping.c
> > @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct
> > irq_domain *domain,
> > irq_cfg = irqd_cfg(irq_data);
> > if (!irq_data || !irq_cfg) {
> > ret = -EINVAL;
> > + kfree(data);
> > + data = NULL;
>
> Do you need to check (i == 0) here? @data will not be used anymore as it
> goes to out branch, why setting it to NULL here?
>
> >>>
> >>> data will be passed to ire_data->chip_data when i == 0 and
> >>> intel_free_irq_resources() will free it on failure. Thus I
> >>
> >> Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data
> >> won't be freed by intel_free_irq_resources(), hence memory leaking. Does
> >> this patch aim to fix this?
> >>
> >> Best regards,
> >> baolu
> >>
> >
> > Correct, this is what I mean. When i > 0, data has been passed to
> > irq_data->chip_data, which will be freed in intel_free_irq_resources()
> > on failure. So there is no memleak in this case. The memleak only occurs
> > on failure when i == 0 (data has not been passed to irq_data->chip_data).
>
> So how about
>
> diff --git a/drivers/iommu/intel/irq_remapping.c
> b/drivers/iommu/intel/irq_remapping.c
> index aeffda92b10b..685200a5cff0 100644
> --- a/drivers/iommu/intel/irq_remapping.c
> +++ b/drivers/iommu/intel/irq_remapping.c
> @@ -1353,6 +1353,8 @@ static int intel_irq_remapping_alloc(struct
> irq_domain *domain,
> irq_data = irq_domain_get_irq_data(domain, virq + i);
> irq_cfg = irqd_cfg(irq_data);
> if (!irq_data || !irq_cfg) {
> + if (!i)
> + kfree(data);
> ret = -EINVAL;
> goto out_free_data;
> }
>
> > I set data to NULL after kfree() in this patch to prevent double-free
> > when the failure occurs at i > 0.
>
> if i>0, @data has been passed and will be freed by
> intel_free_irq_resources() on the failure path. No need to free or
> clear, right?
Right, this is clearer. Thank you for your advice and I will resend a
new patch soon.
Regards,
Dinghao
>
> Best regards,
> baolu
>
> >
> > Regards,
> > Dinghao
> >
> >>> set it to NULL to prevent double-free. However, if we add
> >>> a check (i == 0) here, we will not need to set it to NULL.
> >>> If this is better, I will resend a new patch soon.
> >>>
> >>> Regards,
> >>> Dinghao
> >>>
Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
On 1/3/21 2:22 PM, dinghao@zju.edu.cn wrote:
On 2021/1/3 12:08, dinghao@zju.edu.cn wrote:
Hi,
On 2021/1/2 17:50, Dinghao Liu wrote:
When irq_domain_get_irq_data() or irqd_cfg() fails
meanwhile i == 0, data allocated by kzalloc() has not
been freed before returning, which leads to memleak.
Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support
hierarchical irqdomains")
Signed-off-by: Dinghao Liu
---
drivers/iommu/intel/irq_remapping.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/iommu/intel/irq_remapping.c
b/drivers/iommu/intel/irq_remapping.c
index aeffda92b10b..cdaeed36750f 100644
--- a/drivers/iommu/intel/irq_remapping.c
+++ b/drivers/iommu/intel/irq_remapping.c
@@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain
*domain,
irq_cfg = irqd_cfg(irq_data);
if (!irq_data || !irq_cfg) {
ret = -EINVAL;
+ kfree(data);
+ data = NULL;
Do you need to check (i == 0) here? @data will not be used anymore as it
goes to out branch, why setting it to NULL here?
data will be passed to ire_data->chip_data when i == 0 and
intel_free_irq_resources() will free it on failure. Thus I
Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data
won't be freed by intel_free_irq_resources(), hence memory leaking. Does
this patch aim to fix this?
Best regards,
baolu
Correct, this is what I mean. When i > 0, data has been passed to
irq_data->chip_data, which will be freed in intel_free_irq_resources()
on failure. So there is no memleak in this case. The memleak only occurs
on failure when i == 0 (data has not been passed to irq_data->chip_data).
So how about
diff --git a/drivers/iommu/intel/irq_remapping.c
b/drivers/iommu/intel/irq_remapping.c
index aeffda92b10b..685200a5cff0 100644
--- a/drivers/iommu/intel/irq_remapping.c
+++ b/drivers/iommu/intel/irq_remapping.c
@@ -1353,6 +1353,8 @@ static int intel_irq_remapping_alloc(struct
irq_domain *domain,
irq_data = irq_domain_get_irq_data(domain, virq + i);
irq_cfg = irqd_cfg(irq_data);
if (!irq_data || !irq_cfg) {
+ if (!i)
+ kfree(data);
ret = -EINVAL;
goto out_free_data;
}
I set data to NULL after kfree() in this patch to prevent double-free
when the failure occurs at i > 0.
if i>0, @data has been passed and will be freed by
intel_free_irq_resources() on the failure path. No need to free or
clear, right?
Best regards,
baolu
Regards,
Dinghao
set it to NULL to prevent double-free. However, if we add
a check (i == 0) here, we will not need to set it to NULL.
If this is better, I will resend a new patch soon.
Regards,
Dinghao
Re: Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
> On 2021/1/3 12:08, dinghao@zju.edu.cn wrote:
> >> Hi,
> >>
> >> On 2021/1/2 17:50, Dinghao Liu wrote:
> >>> When irq_domain_get_irq_data() or irqd_cfg() fails
> >>> meanwhile i == 0, data allocated by kzalloc() has not
> >>> been freed before returning, which leads to memleak.
> >>>
> >>> Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to
> >>> support hierarchical irqdomains")
> >>> Signed-off-by: Dinghao Liu
> >>> ---
> >>>drivers/iommu/intel/irq_remapping.c | 2 ++
> >>>1 file changed, 2 insertions(+)
> >>>
> >>> diff --git a/drivers/iommu/intel/irq_remapping.c
> >>> b/drivers/iommu/intel/irq_remapping.c
> >>> index aeffda92b10b..cdaeed36750f 100644
> >>> --- a/drivers/iommu/intel/irq_remapping.c
> >>> +++ b/drivers/iommu/intel/irq_remapping.c
> >>> @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct
> >>> irq_domain *domain,
> >>> irq_cfg = irqd_cfg(irq_data);
> >>> if (!irq_data || !irq_cfg) {
> >>> ret = -EINVAL;
> >>> + kfree(data);
> >>> + data = NULL;
> >>
> >> Do you need to check (i == 0) here? @data will not be used anymore as it
> >> goes to out branch, why setting it to NULL here?
> >>
> >
> > data will be passed to ire_data->chip_data when i == 0 and
> > intel_free_irq_resources() will free it on failure. Thus I
>
> Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data
> won't be freed by intel_free_irq_resources(), hence memory leaking. Does
> this patch aim to fix this?
>
> Best regards,
> baolu
>
Correct, this is what I mean. When i > 0, data has been passed to
irq_data->chip_data, which will be freed in intel_free_irq_resources()
on failure. So there is no memleak in this case. The memleak only occurs
on failure when i == 0 (data has not been passed to irq_data->chip_data).
I set data to NULL after kfree() in this patch to prevent double-free
when the failure occurs at i > 0.
Regards,
Dinghao
> > set it to NULL to prevent double-free. However, if we add
> > a check (i == 0) here, we will not need to set it to NULL.
> > If this is better, I will resend a new patch soon.
> >
> > Regards,
> > Dinghao
> >
Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
On 2021/1/3 12:08, dinghao@zju.edu.cn wrote:
Hi,
On 2021/1/2 17:50, Dinghao Liu wrote:
When irq_domain_get_irq_data() or irqd_cfg() fails
meanwhile i == 0, data allocated by kzalloc() has not
been freed before returning, which leads to memleak.
Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support
hierarchical irqdomains")
Signed-off-by: Dinghao Liu
---
drivers/iommu/intel/irq_remapping.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/iommu/intel/irq_remapping.c
b/drivers/iommu/intel/irq_remapping.c
index aeffda92b10b..cdaeed36750f 100644
--- a/drivers/iommu/intel/irq_remapping.c
+++ b/drivers/iommu/intel/irq_remapping.c
@@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain
*domain,
irq_cfg = irqd_cfg(irq_data);
if (!irq_data || !irq_cfg) {
ret = -EINVAL;
+ kfree(data);
+ data = NULL;
Do you need to check (i == 0) here? @data will not be used anymore as it
goes to out branch, why setting it to NULL here?
data will be passed to ire_data->chip_data when i == 0 and
intel_free_irq_resources() will free it on failure. Thus I
Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data
won't be freed by intel_free_irq_resources(), hence memory leaking. Does
this patch aim to fix this?
Best regards,
baolu
set it to NULL to prevent double-free. However, if we add
a check (i == 0) here, we will not need to set it to NULL.
If this is better, I will resend a new patch soon.
Regards,
Dinghao
Re: Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
> Hi,
>
> On 2021/1/2 17:50, Dinghao Liu wrote:
> > When irq_domain_get_irq_data() or irqd_cfg() fails
> > meanwhile i == 0, data allocated by kzalloc() has not
> > been freed before returning, which leads to memleak.
> >
> > Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to
> > support hierarchical irqdomains")
> > Signed-off-by: Dinghao Liu
> > ---
> > drivers/iommu/intel/irq_remapping.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/iommu/intel/irq_remapping.c
> > b/drivers/iommu/intel/irq_remapping.c
> > index aeffda92b10b..cdaeed36750f 100644
> > --- a/drivers/iommu/intel/irq_remapping.c
> > +++ b/drivers/iommu/intel/irq_remapping.c
> > @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct
> > irq_domain *domain,
> > irq_cfg = irqd_cfg(irq_data);
> > if (!irq_data || !irq_cfg) {
> > ret = -EINVAL;
> > + kfree(data);
> > + data = NULL;
>
> Do you need to check (i == 0) here? @data will not be used anymore as it
> goes to out branch, why setting it to NULL here?
>
data will be passed to ire_data->chip_data when i == 0 and
intel_free_irq_resources() will free it on failure. Thus I
set it to NULL to prevent double-free. However, if we add
a check (i == 0) here, we will not need to set it to NULL.
If this is better, I will resend a new patch soon.
Regards,
Dinghao
Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
Hi,
On 2021/1/2 17:50, Dinghao Liu wrote:
When irq_domain_get_irq_data() or irqd_cfg() fails
meanwhile i == 0, data allocated by kzalloc() has not
been freed before returning, which leads to memleak.
Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support
hierarchical irqdomains")
Signed-off-by: Dinghao Liu
---
drivers/iommu/intel/irq_remapping.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/iommu/intel/irq_remapping.c
b/drivers/iommu/intel/irq_remapping.c
index aeffda92b10b..cdaeed36750f 100644
--- a/drivers/iommu/intel/irq_remapping.c
+++ b/drivers/iommu/intel/irq_remapping.c
@@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain
*domain,
irq_cfg = irqd_cfg(irq_data);
if (!irq_data || !irq_cfg) {
ret = -EINVAL;
+ kfree(data);
+ data = NULL;
Do you need to check (i == 0) here? @data will not be used anymore as it
goes to out branch, why setting it to NULL here?
Best regards,
baolu
goto out_free_data;
}
