From: Dan Carpenter <dan.carpenter@oracle.com>
To: Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
Cc: iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	kernel-janitors-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [patch] iommu/amd: fix a small leak in irq_remapping_alloc()
Date: Sat, 06 Dec 2014 13:52:57 +0000
Message-ID: <20141206135257.GB17278@mwanda>

There is a memory leak here that was detected by Smatch:

	drivers/iommu/amd_iommu.c:4261 irq_remapping_alloc()
	warn: possible memory leak of 'data'

It happens if you hit the "if (!irq_data || !cfg) {" on the first
iteration through the loop.  The original code was a bit weird.  For
example, it treated the first allocation as a special case for some
reason. Anyway I cleaned it up a bit.

Fixes: ecf87b38d902 ('iommu/amd: Enhance AMD IR driver to suppport hierarchy irqdomain')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
Please review this carefully.  I haven't tested it.

diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 35a38db..3bb69e4 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -4208,11 +4208,6 @@ static int irq_remapping_alloc(struct irq_domain *domain, unsigned int virq,
 	if (ret < 0)
 		return ret;
 
-	ret = -ENOMEM;
-	data = kzalloc(sizeof(*data), GFP_KERNEL);
-	if (!data)
-		goto out_free_parent;
-
 	if (info->type = X86_IRQ_ALLOC_TYPE_IOAPIC) {
 		if (get_irq_table(devid, true))
 			index = info->ioapic_pin;
@@ -4223,7 +4218,6 @@ static int irq_remapping_alloc(struct irq_domain *domain, unsigned int virq,
 	}
 	if (index < 0) {
 		pr_warn("Failed to allocate IRTE\n");
-		kfree(data);
 		goto out_free_parent;
 	}
 
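Review bot: In the `index < 0` branch, `goto out_free_parent` is now reached without an error code in `ret`. The `ret = -ENOMEM;` default was removed in the first hunk, the earlier `if (ret < 0) return ret;` guarantees `ret` is non-negative past that point, and nothing in the visible lines on this path assigns it again. If `out_free_parent` returns `ret` (the label is not shown in this diff), the function would report success right after printing "Failed to allocate IRTE". Suggest setting an error explicitly in this branch, for example `ret = -ENOMEM;` before the `goto`.
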
@@ -4232,14 +4226,16 @@ static int irq_remapping_alloc(struct irq_domain *domain, unsigned int virq,
 		cfg = irqd_cfg(irq_data);
 		if (!irq_data || !cfg) {
 			ret = -EINVAL;
-			goto out_free_data;
+			goto out_unwind_loop;
 		}
 
-		if (i > 0) {
-			data = kzalloc(sizeof(*data), GFP_KERNEL);
-			if (!data)
-				goto out_free_data;
+
+		data = kzalloc(sizeof(*data), GFP_KERNEL);
+		if (!data) {
+			ret = -ENOMEM;
+			goto out_unwind_loop;
 		}
+
 		irq_data->hwirq = (devid << 16) + i;
 		irq_data->chip_data = data;
 		irq_data->chip = &amd_ir_chip;
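
Review bot: The added blank line directly above `data = kzalloc(...)` follows an existing blank context line, so the result has two consecutive blank lines after the `if (!irq_data || !cfg)` block; drop the added one. The logic itself looks right: the allocation now happens only after the `irq_data`/`cfg` check, so the `-EINVAL` path no longer has an unattached `data` to lose, and the `!data` path sets `ret = -ENOMEM` itself instead of relying on the removed default.
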
@@ -4248,8 +4244,8 @@ static int irq_remapping_alloc(struct irq_domain *domain, unsigned int virq,
 	}
 	return 0;
 
-out_free_data:
-	for (i--; i >= 0; i--) {
+out_unwind_loop:
+	while (--i >= 0) {
 		irq_data = irq_domain_get_irq_data(domain, virq + i);
 		if (irq_data)
 			kfree(irq_data->chip_data);
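
Review bot: The change from `for (i--; i >= 0; i--)` to `while (--i >= 0)` at `out_unwind_loop` is behaviourally identical (both decrement first, then free entries `i-1` down to `0`, and both skip the body when the failure was at `i == 0`), so it is a style change riding along with a fix that carries a Fixes: tag. Either keep the original loop form so the fix stays minimal, or say in the changelog that the label rename and loop rewrite are cosmetic. Since the patch is stated to be untested, it would also help to confirm the first-iteration failure case by hand against the full function, as that is the case the Smatch warning is about.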

