Bug 264057 - ofed/drivers/infiniband: mad: Fix a possible memory leak
Summary: ofed/drivers/infiniband: mad: Fix a possible memory leak
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: Unspecified
Hardware: Any Any
: --- Affects Many People
Assignee: Hans Petter Selasky
URL:
Keywords: needs-qa
Depends on:
Blocks:
 
Reported: 2022-05-18 03:28 UTC by ruc_gongyuanjun
Modified: 2022-06-07 06:48 UTC (History)
3 users (show)

See Also:
koobs: maintainer-feedback? (secteam)
koobs: mfc-stable13?
koobs: mfc-stable12?

Attachments
a possible patch (1022 bytes, patch)
2022-05-18 03:28 UTC, ruc_gongyuanjun 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description ruc_gongyuanjun 2022-05-18 03:28:36 UTC 
Created attachment 234011 [details]
a possible patch

If ib_dma_mapping_error, it will jump out of the loop, leaving
mad_priv allocated by alloc_mad_private not freed. It will cause
a memory leak. Fix it with kfree.
Comment 1 Hans Petter Selasky freebsd_committer freebsd_triage 2022-05-18 15:42:01 UTC 
Hi,

Have you checked if a similar fix is available in Linux?

--HPS
Comment 2 ruc_gongyuanjun 2022-05-19 07:31:22 UTC 
(In reply to Hans Petter Selasky from comment #1)
Hi, the similar bug has been fixed in linux.
Comment 3 Hans Petter Selasky freebsd_committer freebsd_triage 2022-05-19 08:27:02 UTC 
Thank you!
Comment 4 commit-hook freebsd_committer freebsd_triage 2022-05-19 08:27:31 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=ad7741ff693a39bab59b75e432bd922a62f3ef0a

commit ad7741ff693a39bab59b75e432bd922a62f3ef0a
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-05-19 08:06:42 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2022-05-19 08:13:06 +0000

    ibcore: Fix possible memory leak in ib_mad_post_receive_mads()

    If ib_dma_mapping_error() returns non-zero value,
    ib_mad_post_receive_mads() will jump out of loops and return -ENOMEM
    without freeing mad_priv. Fix this memory-leak problem by freeing
    mad_priv in this case.

    Linux commit:
    a17f4bed811c60712d8131883cdba11a105d0161

    PR:             264057
    MFC after:      1 week
    Sponsored by:   NVIDIA Networking

 sys/ofed/drivers/infiniband/core/ib_mad.c | 1 +
 1 file changed, 1 insertion(+)
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-06-07 06:45:48 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=6953b4870f00e4d2ef99ae561ae03da028cb21e6

commit 6953b4870f00e4d2ef99ae561ae03da028cb21e6
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-05-19 08:06:42 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2022-06-07 06:44:28 +0000

    ibcore: Fix possible memory leak in ib_mad_post_receive_mads()

    If ib_dma_mapping_error() returns non-zero value,
    ib_mad_post_receive_mads() will jump out of loops and return -ENOMEM
    without freeing mad_priv. Fix this memory-leak problem by freeing
    mad_priv in this case.

    Linux commit:
    a17f4bed811c60712d8131883cdba11a105d0161

    PR:             264057
    Sponsored by:   NVIDIA Networking

    (cherry picked from commit ad7741ff693a39bab59b75e432bd922a62f3ef0a)

 sys/ofed/drivers/infiniband/core/ib_mad.c | 1 +
 1 file changed, 1 insertion(+)
Comment 6 commit-hook freebsd_committer freebsd_triage 2022-06-07 06:48:53 UTC 
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=33870019c5f247b4602f1f044feadcc46bafa514

commit 33870019c5f247b4602f1f044feadcc46bafa514
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-05-19 08:06:42 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2022-06-07 06:46:10 +0000

    ibcore: Fix possible memory leak in ib_mad_post_receive_mads()

    If ib_dma_mapping_error() returns non-zero value,
    ib_mad_post_receive_mads() will jump out of loops and return -ENOMEM
    without freeing mad_priv. Fix this memory-leak problem by freeing
    mad_priv in this case.

    Linux commit:
    a17f4bed811c60712d8131883cdba11a105d0161

    PR:             264057
    Sponsored by:   NVIDIA Networking

    (cherry picked from commit ad7741ff693a39bab59b75e432bd922a62f3ef0a)

 sys/ofed/drivers/infiniband/core/ib_mad.c | 1 +
 1 file changed, 1 insertion(+)