Re: Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
> On 1/3/21 2:22 PM, dinghao@zju.edu.cn wrote: > >> On 2021/1/3 12:08, dinghao@zju.edu.cn wrote: > Hi, > > On 2021/1/2 17:50, Dinghao Liu wrote: > > When irq_domain_get_irq_data() or irqd_cfg() fails > > meanwhile i == 0, data allocated by kzalloc() has not > > been freed before returning, which leads to memleak. > > > > Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to > > support hierarchical irqdomains") > > Signed-off-by: Dinghao Liu > > --- > > drivers/iommu/intel/irq_remapping.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/iommu/intel/irq_remapping.c > > b/drivers/iommu/intel/irq_remapping.c > > index aeffda92b10b..cdaeed36750f 100644 > > --- a/drivers/iommu/intel/irq_remapping.c > > +++ b/drivers/iommu/intel/irq_remapping.c > > @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct > > irq_domain *domain, > > irq_cfg = irqd_cfg(irq_data); > > if (!irq_data || !irq_cfg) { > > ret = -EINVAL; > > + kfree(data); > > + data = NULL; > > Do you need to check (i == 0) here? @data will not be used anymore as it > goes to out branch, why setting it to NULL here? > > >>> > >>> data will be passed to ire_data->chip_data when i == 0 and > >>> intel_free_irq_resources() will free it on failure. Thus I > >> > >> Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data > >> won't be freed by intel_free_irq_resources(), hence memory leaking. Does > >> this patch aim to fix this? > >> > >> Best regards, > >> baolu > >> > > > > Correct, this is what I mean. When i > 0, data has been passed to > > irq_data->chip_data, which will be freed in intel_free_irq_resources() > > on failure. So there is no memleak in this case. The memleak only occurs > > on failure when i == 0 (data has not been passed to irq_data->chip_data). > > So how about > > diff --git a/drivers/iommu/intel/irq_remapping.c > b/drivers/iommu/intel/irq_remapping.c > index aeffda92b10b..685200a5cff0 100644 > --- a/drivers/iommu/intel/irq_remapping.c > +++ b/drivers/iommu/intel/irq_remapping.c > @@ -1353,6 +1353,8 @@ static int intel_irq_remapping_alloc(struct > irq_domain *domain, > irq_data = irq_domain_get_irq_data(domain, virq + i); > irq_cfg = irqd_cfg(irq_data); > if (!irq_data || !irq_cfg) { > + if (!i) > + kfree(data); > ret = -EINVAL; > goto out_free_data; > } > > > I set data to NULL after kfree() in this patch to prevent double-free > > when the failure occurs at i > 0. > > if i>0, @data has been passed and will be freed by > intel_free_irq_resources() on the failure path. No need to free or > clear, right? Right, this is clearer. Thank you for your advice and I will resend a new patch soon. Regards, Dinghao > > Best regards, > baolu > > > > > Regards, > > Dinghao > > > >>> set it to NULL to prevent double-free. However, if we add > >>> a check (i == 0) here, we will not need to set it to NULL. > >>> If this is better, I will resend a new patch soon. > >>> > >>> Regards, > >>> Dinghao > >>>
Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
On 1/3/21 2:22 PM, dinghao@zju.edu.cn wrote: On 2021/1/3 12:08, dinghao@zju.edu.cn wrote: Hi, On 2021/1/2 17:50, Dinghao Liu wrote: When irq_domain_get_irq_data() or irqd_cfg() fails meanwhile i == 0, data allocated by kzalloc() has not been freed before returning, which leads to memleak. Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support hierarchical irqdomains") Signed-off-by: Dinghao Liu --- drivers/iommu/intel/irq_remapping.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c index aeffda92b10b..cdaeed36750f 100644 --- a/drivers/iommu/intel/irq_remapping.c +++ b/drivers/iommu/intel/irq_remapping.c @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, irq_cfg = irqd_cfg(irq_data); if (!irq_data || !irq_cfg) { ret = -EINVAL; + kfree(data); + data = NULL; Do you need to check (i == 0) here? @data will not be used anymore as it goes to out branch, why setting it to NULL here? data will be passed to ire_data->chip_data when i == 0 and intel_free_irq_resources() will free it on failure. Thus I Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data won't be freed by intel_free_irq_resources(), hence memory leaking. Does this patch aim to fix this? Best regards, baolu Correct, this is what I mean. When i > 0, data has been passed to irq_data->chip_data, which will be freed in intel_free_irq_resources() on failure. So there is no memleak in this case. The memleak only occurs on failure when i == 0 (data has not been passed to irq_data->chip_data). So how about diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c index aeffda92b10b..685200a5cff0 100644 --- a/drivers/iommu/intel/irq_remapping.c +++ b/drivers/iommu/intel/irq_remapping.c @@ -1353,6 +1353,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, irq_data = irq_domain_get_irq_data(domain, virq + i); irq_cfg = irqd_cfg(irq_data); if (!irq_data || !irq_cfg) { + if (!i) + kfree(data); ret = -EINVAL; goto out_free_data; } I set data to NULL after kfree() in this patch to prevent double-free when the failure occurs at i > 0. if i>0, @data has been passed and will be freed by intel_free_irq_resources() on the failure path. No need to free or clear, right? Best regards, baolu Regards, Dinghao set it to NULL to prevent double-free. However, if we add a check (i == 0) here, we will not need to set it to NULL. If this is better, I will resend a new patch soon. Regards, Dinghao
Re: Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
> On 2021/1/3 12:08, dinghao@zju.edu.cn wrote: > >> Hi, > >> > >> On 2021/1/2 17:50, Dinghao Liu wrote: > >>> When irq_domain_get_irq_data() or irqd_cfg() fails > >>> meanwhile i == 0, data allocated by kzalloc() has not > >>> been freed before returning, which leads to memleak. > >>> > >>> Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to > >>> support hierarchical irqdomains") > >>> Signed-off-by: Dinghao Liu > >>> --- > >>>drivers/iommu/intel/irq_remapping.c | 2 ++ > >>>1 file changed, 2 insertions(+) > >>> > >>> diff --git a/drivers/iommu/intel/irq_remapping.c > >>> b/drivers/iommu/intel/irq_remapping.c > >>> index aeffda92b10b..cdaeed36750f 100644 > >>> --- a/drivers/iommu/intel/irq_remapping.c > >>> +++ b/drivers/iommu/intel/irq_remapping.c > >>> @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct > >>> irq_domain *domain, > >>> irq_cfg = irqd_cfg(irq_data); > >>> if (!irq_data || !irq_cfg) { > >>> ret = -EINVAL; > >>> + kfree(data); > >>> + data = NULL; > >> > >> Do you need to check (i == 0) here? @data will not be used anymore as it > >> goes to out branch, why setting it to NULL here? > >> > > > > data will be passed to ire_data->chip_data when i == 0 and > > intel_free_irq_resources() will free it on failure. Thus I > > Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data > won't be freed by intel_free_irq_resources(), hence memory leaking. Does > this patch aim to fix this? > > Best regards, > baolu > Correct, this is what I mean. When i > 0, data has been passed to irq_data->chip_data, which will be freed in intel_free_irq_resources() on failure. So there is no memleak in this case. The memleak only occurs on failure when i == 0 (data has not been passed to irq_data->chip_data). I set data to NULL after kfree() in this patch to prevent double-free when the failure occurs at i > 0. Regards, Dinghao > > set it to NULL to prevent double-free. However, if we add > > a check (i == 0) here, we will not need to set it to NULL. > > If this is better, I will resend a new patch soon. > > > > Regards, > > Dinghao > >
Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
On 2021/1/3 12:08, dinghao@zju.edu.cn wrote: Hi, On 2021/1/2 17:50, Dinghao Liu wrote: When irq_domain_get_irq_data() or irqd_cfg() fails meanwhile i == 0, data allocated by kzalloc() has not been freed before returning, which leads to memleak. Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support hierarchical irqdomains") Signed-off-by: Dinghao Liu --- drivers/iommu/intel/irq_remapping.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c index aeffda92b10b..cdaeed36750f 100644 --- a/drivers/iommu/intel/irq_remapping.c +++ b/drivers/iommu/intel/irq_remapping.c @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, irq_cfg = irqd_cfg(irq_data); if (!irq_data || !irq_cfg) { ret = -EINVAL; + kfree(data); + data = NULL; Do you need to check (i == 0) here? @data will not be used anymore as it goes to out branch, why setting it to NULL here? data will be passed to ire_data->chip_data when i == 0 and intel_free_irq_resources() will free it on failure. Thus I Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data won't be freed by intel_free_irq_resources(), hence memory leaking. Does this patch aim to fix this? Best regards, baolu set it to NULL to prevent double-free. However, if we add a check (i == 0) here, we will not need to set it to NULL. If this is better, I will resend a new patch soon. Regards, Dinghao
Re: Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
> Hi, > > On 2021/1/2 17:50, Dinghao Liu wrote: > > When irq_domain_get_irq_data() or irqd_cfg() fails > > meanwhile i == 0, data allocated by kzalloc() has not > > been freed before returning, which leads to memleak. > > > > Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to > > support hierarchical irqdomains") > > Signed-off-by: Dinghao Liu > > --- > > drivers/iommu/intel/irq_remapping.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/iommu/intel/irq_remapping.c > > b/drivers/iommu/intel/irq_remapping.c > > index aeffda92b10b..cdaeed36750f 100644 > > --- a/drivers/iommu/intel/irq_remapping.c > > +++ b/drivers/iommu/intel/irq_remapping.c > > @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct > > irq_domain *domain, > > irq_cfg = irqd_cfg(irq_data); > > if (!irq_data || !irq_cfg) { > > ret = -EINVAL; > > + kfree(data); > > + data = NULL; > > Do you need to check (i == 0) here? @data will not be used anymore as it > goes to out branch, why setting it to NULL here? > data will be passed to ire_data->chip_data when i == 0 and intel_free_irq_resources() will free it on failure. Thus I set it to NULL to prevent double-free. However, if we add a check (i == 0) here, we will not need to set it to NULL. If this is better, I will resend a new patch soon. Regards, Dinghao
Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
Hi, On 2021/1/2 17:50, Dinghao Liu wrote: When irq_domain_get_irq_data() or irqd_cfg() fails meanwhile i == 0, data allocated by kzalloc() has not been freed before returning, which leads to memleak. Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support hierarchical irqdomains") Signed-off-by: Dinghao Liu --- drivers/iommu/intel/irq_remapping.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c index aeffda92b10b..cdaeed36750f 100644 --- a/drivers/iommu/intel/irq_remapping.c +++ b/drivers/iommu/intel/irq_remapping.c @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, irq_cfg = irqd_cfg(irq_data); if (!irq_data || !irq_cfg) { ret = -EINVAL; + kfree(data); + data = NULL; Do you need to check (i == 0) here? @data will not be used anymore as it goes to out branch, why setting it to NULL here? Best regards, baolu goto out_free_data; }