* [PATCH 01/20] baseband/acc100: fix a memory leak in acc100 queue setup
[not found] <cover.1645551559.git.liwg06@foxmail.com>
@ 2022-02-22 18:17 ` Weiguo Li
2022-02-23 17:42 ` Chautru, Nicolas
2022-06-24 20:45 ` David Marchand
2022-02-22 18:18 ` [PATCH 02/20] common/dpaax: fix a memory leak in iterate dir Weiguo Li
` (18 subsequent siblings)
19 siblings, 2 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:17 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
We allocated memory for 'q', we don't free it when null check for 'd' fails
and it will lead to memory leak.
We can move null check for 'd' ahead of the memory allocation to fix it.
Fixes: 060e76729302 ("baseband/acc100: add queue configuration")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/baseband/acc100/rte_acc100_pmd.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/baseband/acc100/rte_acc100_pmd.c b/drivers/baseband/acc100/rte_acc100_pmd.c
index f86474f7e0..25e9e6435f 100644
--- a/drivers/baseband/acc100/rte_acc100_pmd.c
+++ b/drivers/baseband/acc100/rte_acc100_pmd.c
@@ -824,6 +824,10 @@ acc100_queue_setup(struct rte_bbdev *dev, uint16_t queue_id,
struct acc100_queue *q;
int16_t q_idx;
+ if (d == NULL) {
+ rte_bbdev_log(ERR, "Undefined device");
+ return -ENODEV;
+ }
/* Allocate the queue data structure. */
q = rte_zmalloc_socket(dev->device->driver->name, sizeof(*q),
RTE_CACHE_LINE_SIZE, conf->socket);
@@ -831,10 +835,6 @@ acc100_queue_setup(struct rte_bbdev *dev, uint16_t queue_id,
rte_bbdev_log(ERR, "Failed to allocate queue memory");
return -ENOMEM;
}
- if (d == NULL) {
- rte_bbdev_log(ERR, "Undefined device");
- return -ENODEV;
- }
q->d = d;
q->ring_addr = RTE_PTR_ADD(d->sw_rings, (d->sw_ring_size * queue_id));
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* RE: [PATCH 01/20] baseband/acc100: fix a memory leak in acc100 queue setup
2022-02-22 18:17 ` [PATCH 01/20] baseband/acc100: fix a memory leak in acc100 queue setup Weiguo Li
@ 2022-02-23 17:42 ` Chautru, Nicolas
2022-06-24 20:45 ` David Marchand
1 sibling, 0 replies; 27+ messages in thread
From: Chautru, Nicolas @ 2022-02-23 17:42 UTC (permalink / raw)
To: Weiguo Li, dev
Cc: adypodoman, Li, Xiaoyun, Zhang, Tianfei, Richardson, Bruce,
ivan.malov, jgrajcia, hkalra, Wang, Ying A, Xu, Ting, Su, Simei,
Yang, Qiming, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, Doherty, Declan, gakhil
> From: Weiguo Li <liwg06@foxmail.com>
>
> We allocated memory for 'q', we don't free it when null check for 'd' fails and
> it will lead to memory leak.
> We can move null check for 'd' ahead of the memory allocation to fix it.
>
> Fixes: 060e76729302 ("baseband/acc100: add queue configuration")
>
> Signed-off-by: Weiguo Li <liwg06@foxmail.com>
> ---
> drivers/baseband/acc100/rte_acc100_pmd.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/baseband/acc100/rte_acc100_pmd.c
> b/drivers/baseband/acc100/rte_acc100_pmd.c
> index f86474f7e0..25e9e6435f 100644
> --- a/drivers/baseband/acc100/rte_acc100_pmd.c
> +++ b/drivers/baseband/acc100/rte_acc100_pmd.c
> @@ -824,6 +824,10 @@ acc100_queue_setup(struct rte_bbdev *dev,
> uint16_t queue_id,
> struct acc100_queue *q;
> int16_t q_idx;
>
> + if (d == NULL) {
> + rte_bbdev_log(ERR, "Undefined device");
> + return -ENODEV;
> + }
> /* Allocate the queue data structure. */
> q = rte_zmalloc_socket(dev->device->driver->name, sizeof(*q),
> RTE_CACHE_LINE_SIZE, conf->socket);
> @@ -831,10 +835,6 @@ acc100_queue_setup(struct rte_bbdev *dev,
> uint16_t queue_id,
> rte_bbdev_log(ERR, "Failed to allocate queue memory");
> return -ENOMEM;
> }
> - if (d == NULL) {
> - rte_bbdev_log(ERR, "Undefined device");
> - return -ENODEV;
> - }
>
> q->d = d;
> q->ring_addr = RTE_PTR_ADD(d->sw_rings, (d->sw_ring_size *
> queue_id));
> --
> 2.25.1
>
Thanks
Acked-by: Nicolas Chautru <nicolas.chautr@intel.com>
^ permalink raw reply [flat|nested] 27+ messages in thread
* Re: [PATCH 01/20] baseband/acc100: fix a memory leak in acc100 queue setup
2022-02-22 18:17 ` [PATCH 01/20] baseband/acc100: fix a memory leak in acc100 queue setup Weiguo Li
2022-02-23 17:42 ` Chautru, Nicolas
@ 2022-06-24 20:45 ` David Marchand
1 sibling, 0 replies; 27+ messages in thread
From: David Marchand @ 2022-06-24 20:45 UTC (permalink / raw)
To: Weiguo Li, Nicolas Chautru; +Cc: dev, Akhil Goyal, Maxime Coquelin, Tom Rix
On Tue, Feb 22, 2022 at 7:18 PM Weiguo Li <liwg06@foxmail.com> wrote:
>
> We allocated memory for 'q', we don't free it when null check for 'd' fails
> and it will lead to memory leak.
> We can move null check for 'd' ahead of the memory allocation to fix it.
>
> Fixes: 060e76729302 ("baseband/acc100: add queue configuration")
>
> Signed-off-by: Weiguo Li <liwg06@foxmail.com>
> ---
> drivers/baseband/acc100/rte_acc100_pmd.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/baseband/acc100/rte_acc100_pmd.c b/drivers/baseband/acc100/rte_acc100_pmd.c
> index f86474f7e0..25e9e6435f 100644
> --- a/drivers/baseband/acc100/rte_acc100_pmd.c
> +++ b/drivers/baseband/acc100/rte_acc100_pmd.c
> @@ -824,6 +824,10 @@ acc100_queue_setup(struct rte_bbdev *dev, uint16_t queue_id,
> struct acc100_queue *q;
> int16_t q_idx;
>
> + if (d == NULL) {
> + rte_bbdev_log(ERR, "Undefined device");
> + return -ENODEV;
> + }
Nicolas,
.queue_setup is a dev_ops, which means it is invoked after the .probe
function was called.
Failing to allocate dev_private shoud have been detected earlier, is
that correct?
If so, this check should simply be dropped, and there is no leak to fix.
Please confirm when you have the time.
Thanks.
--
David Marchand
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 02/20] common/dpaax: fix a memory leak in iterate dir
[not found] <cover.1645551559.git.liwg06@foxmail.com>
2022-02-22 18:17 ` [PATCH 01/20] baseband/acc100: fix a memory leak in acc100 queue setup Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 03/20] crypto/dpaa2_sec: fix memory leaks in error handlings Weiguo Li
` (17 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When process_dir() fails, the memory to 'subdir' was not freed which
caused a memory leak.
Fixes: 2183c6f69d7e ("bus/dpaa: add OF parser for device scanning")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/common/dpaax/dpaa_of.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/common/dpaax/dpaa_of.c b/drivers/common/dpaax/dpaa_of.c
index bb2c8fc66b..a827b42efa 100644
--- a/drivers/common/dpaax/dpaa_of.c
+++ b/drivers/common/dpaax/dpaa_of.c
@@ -126,8 +126,10 @@ iterate_dir(struct dirent **d, int num, struct dt_dir *dt)
d[loop]->d_name);
subdir->parent = dt;
ret = process_dir(subdir->node.node.full_name, subdir);
- if (ret)
+ if (ret) {
+ free(subdir);
return ret;
+ }
list_add_tail(&subdir->node.list, &dt->subdirs);
break;
default:
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 03/20] crypto/dpaa2_sec: fix memory leaks in error handlings
[not found] <cover.1645551559.git.liwg06@foxmail.com>
2022-02-22 18:17 ` [PATCH 01/20] baseband/acc100: fix a memory leak in acc100 queue setup Weiguo Li
2022-02-22 18:18 ` [PATCH 02/20] common/dpaax: fix a memory leak in iterate dir Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-06-24 20:46 ` David Marchand
2022-02-22 18:18 ` [PATCH 04/20] crypto/qat: fix a memory leak when set encrypt key fail Weiguo Li
` (16 subsequent siblings)
19 siblings, 1 reply; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When function returned from error handling branches, the memories were
not freed which caused a memory leak.
Fixes: 8d1f3a5d751b ("crypto/dpaa2_sec: support crypto operation")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index e62d04852b..3f8d4d213f 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2037,12 +2037,15 @@ dpaa2_sec_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
RTE_CACHE_LINE_SIZE);
if (!qp->rx_vq.q_storage) {
DPAA2_SEC_ERR("malloc failed for q_storage");
+ rte_free(qp);
return -ENOMEM;
}
memset(qp->rx_vq.q_storage, 0, sizeof(struct queue_storage_info_t));
if (dpaa2_alloc_dq_storage(qp->rx_vq.q_storage)) {
DPAA2_SEC_ERR("Unable to allocate dequeue storage");
+ rte_free(qp->rx_vq.q_storage);
+ rte_free(qp);
return -ENOMEM;
}
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* Re: [PATCH 03/20] crypto/dpaa2_sec: fix memory leaks in error handlings
2022-02-22 18:18 ` [PATCH 03/20] crypto/dpaa2_sec: fix memory leaks in error handlings Weiguo Li
@ 2022-06-24 20:46 ` David Marchand
0 siblings, 0 replies; 27+ messages in thread
From: David Marchand @ 2022-06-24 20:46 UTC (permalink / raw)
To: Weiguo Li
Cc: dev, adypodoman, Xiaoyun Li, Zhang, Tianfei, Bruce Richardson,
Ivan Malov, Jakub Grajciar, Harman Kalra, Ying A Wang, Xu, Ting,
simei, Qiming Yang, motih, Shreyansh Jain, Satha Rao,
Stephen Hemminger, Kalesh A P, Somnath Kotur, Declan Doherty,
Akhil Goyal, Nicolas Chautru
On Tue, Feb 22, 2022 at 7:19 PM Weiguo Li <liwg06@foxmail.com> wrote:
>
> When function returned from error handling branches, the memories were
> not freed which caused a memory leak.
>
> Fixes: 8d1f3a5d751b ("crypto/dpaa2_sec: support crypto operation")
This is backport material.
Please add Cc: stable@dpdk.org in new revision.
>
> Signed-off-by: Weiguo Li <liwg06@foxmail.com>
> ---
> drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> index e62d04852b..3f8d4d213f 100644
> --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> @@ -2037,12 +2037,15 @@ dpaa2_sec_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
> RTE_CACHE_LINE_SIZE);
> if (!qp->rx_vq.q_storage) {
> DPAA2_SEC_ERR("malloc failed for q_storage");
> + rte_free(qp);
> return -ENOMEM;
> }
> memset(qp->rx_vq.q_storage, 0, sizeof(struct queue_storage_info_t));
>
> if (dpaa2_alloc_dq_storage(qp->rx_vq.q_storage)) {
> DPAA2_SEC_ERR("Unable to allocate dequeue storage");
> + rte_free(qp->rx_vq.q_storage);
> + rte_free(qp);
> return -ENOMEM;
> }
Please rebase this fix, there was a new allocation introduced in this
code and I suspect this should be fixed too.
Thanks.
--
David Marchand
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 04/20] crypto/qat: fix a memory leak when set encrypt key fail
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (2 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 03/20] crypto/dpaa2_sec: fix memory leaks in error handlings Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-06-24 20:49 ` David Marchand
2022-02-22 18:18 ` [PATCH 05/20] net/bnxt: fix a memory leak in error handling Weiguo Li
` (15 subsequent siblings)
19 siblings, 1 reply; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
We allocated memory for 'in', we don't free it when AES_set_encrypt_key()
fails and it will lead to memory leak.
We can move set_encrypt_key() ahead of the memory allocation to fix it.
Fixes: 1703e94ac5ce ("qat: add driver for QuickAssist devices")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/crypto/qat/qat_sym_session.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 8ca475ca8b..3dc13942cb 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -1400,18 +1400,17 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
memset(p_state_buf, 0, ICP_QAT_HW_GALOIS_H_SZ +
ICP_QAT_HW_GALOIS_LEN_A_SZ +
ICP_QAT_HW_GALOIS_E_CTR0_SZ);
+ if (AES_set_encrypt_key(auth_key, auth_keylen << 3,
+ &enc_key) != 0) {
+ return -EFAULT;
+ }
in = rte_zmalloc("working mem for key",
ICP_QAT_HW_GALOIS_H_SZ, 16);
if (in == NULL) {
QAT_LOG(ERR, "Failed to alloc memory");
return -ENOMEM;
}
-
memset(in, 0, ICP_QAT_HW_GALOIS_H_SZ);
- if (AES_set_encrypt_key(auth_key, auth_keylen << 3,
- &enc_key) != 0) {
- return -EFAULT;
- }
AES_encrypt(in, out, &enc_key);
*p_state_len = ICP_QAT_HW_GALOIS_H_SZ +
ICP_QAT_HW_GALOIS_LEN_A_SZ +
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* Re: [PATCH 04/20] crypto/qat: fix a memory leak when set encrypt key fail
2022-02-22 18:18 ` [PATCH 04/20] crypto/qat: fix a memory leak when set encrypt key fail Weiguo Li
@ 2022-06-24 20:49 ` David Marchand
0 siblings, 0 replies; 27+ messages in thread
From: David Marchand @ 2022-06-24 20:49 UTC (permalink / raw)
To: Weiguo Li
Cc: dev, adypodoman, Xiaoyun Li, Zhang, Tianfei, Bruce Richardson,
Ivan Malov, Jakub Grajciar, Harman Kalra, Ying A Wang, Xu, Ting,
simei, Qiming Yang, motih, Shreyansh Jain, Satha Rao,
Stephen Hemminger, Kalesh A P, Somnath Kotur, Declan Doherty,
Akhil Goyal, Nicolas Chautru
On Tue, Feb 22, 2022 at 7:19 PM Weiguo Li <liwg06@foxmail.com> wrote:
>
> We allocated memory for 'in', we don't free it when AES_set_encrypt_key()
> fails and it will lead to memory leak.
> We can move set_encrypt_key() ahead of the memory allocation to fix it.
This move seems to fix the leak indeed.
But this change does not follow the pattern used in the rest of this
file and I don't feel confident enough to accept it without the driver
maintainer opinion.
--
David Marchand
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 05/20] net/bnxt: fix a memory leak in error handling
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (3 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 04/20] crypto/qat: fix a memory leak when set encrypt key fail Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 06/20] net/bnxt: fix 'ctx' memory leak when new malloc fail Weiguo Li
` (14 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When run goto from this branch, the 'ulp_fc_info' has not set into
the context yet, so ulp_fc_mgr_deinit(ctxt) in the error label can
not release 'ulp_fc_info' in this case which cause a memory leak.
Fixes: 9cf9c8385df7 ("net/bnxt: add ULP flow counter manager")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/bnxt/tf_ulp/ulp_fc_mgr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/bnxt/tf_ulp/ulp_fc_mgr.c b/drivers/net/bnxt/tf_ulp/ulp_fc_mgr.c
index 85c9cbb7f2..b055463ea4 100644
--- a/drivers/net/bnxt/tf_ulp/ulp_fc_mgr.c
+++ b/drivers/net/bnxt/tf_ulp/ulp_fc_mgr.c
@@ -86,6 +86,7 @@ ulp_fc_mgr_init(struct bnxt_ulp_context *ctxt)
rc = pthread_mutex_init(&ulp_fc_info->fc_lock, NULL);
if (rc) {
+ rte_free(ulp_fc_info);
PMD_DRV_LOG(ERR, "Failed to initialize fc mutex\n");
goto error;
}
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 06/20] net/bnxt: fix 'ctx' memory leak when new malloc fail
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (4 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 05/20] net/bnxt: fix a memory leak in error handling Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 07/20] net/bnx2x: add clean up for 'rxq' to avoid a memory leak Weiguo Li
` (13 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When new memory is not available and the memory "ctx" allocated
beforehand was not assigned to anywhere, so "ctx" should be freed,
otherwise will cause a memory leak.
Fixes: b4f740511655 ("net/bnxt: remove unnecessary return check")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/bnxt/bnxt_hwrm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/bnxt/bnxt_hwrm.c b/drivers/net/bnxt/bnxt_hwrm.c
index b4aeec593e..4993111ccf 100644
--- a/drivers/net/bnxt/bnxt_hwrm.c
+++ b/drivers/net/bnxt/bnxt_hwrm.c
@@ -5374,6 +5374,7 @@ int bnxt_hwrm_func_backing_store_qcaps(struct bnxt *bp)
RTE_CACHE_LINE_SIZE);
if (!ctx_pg) {
rc = -ENOMEM;
+ rte_free(ctx);
goto ctx_err;
}
for (i = 0; i < tqm_rings; i++, ctx_pg++)
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 07/20] net/bnx2x: add clean up for 'rxq' to avoid a memory leak
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (5 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 06/20] net/bnxt: fix 'ctx' memory leak when new malloc fail Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 08/20] net/cnxk: free 'node' memory when node add fail Weiguo Li
` (12 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
This error handling miss a clean up for 'rxq' which leads to
a memory leak.
Fixes: 540a211084a7 ("bnx2x: driver core")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/bnx2x/bnx2x_rxtx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/bnx2x/bnx2x_rxtx.c b/drivers/net/bnx2x/bnx2x_rxtx.c
index fbc0bb7698..9ad36000fb 100644
--- a/drivers/net/bnx2x/bnx2x_rxtx.c
+++ b/drivers/net/bnx2x/bnx2x_rxtx.c
@@ -139,6 +139,7 @@ bnx2x_dev_rx_queue_setup(struct rte_eth_dev *dev,
dma = ring_dma_zone_reserve(dev, "bnx2x_rcq", queue_idx, dma_size, socket_id);
if (NULL == dma) {
PMD_RX_LOG(ERR, "RCQ alloc failed");
+ bnx2x_rx_queue_release(rxq);
return -ENOMEM;
}
fp->rx_comp_mapping = rxq->cq_ring_phys_addr = (uint64_t)dma->iova;
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 08/20] net/cnxk: free 'node' memory when node add fail
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (6 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 07/20] net/bnx2x: add clean up for 'rxq' to avoid a memory leak Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-04-07 9:02 ` Nithin Kumar Dabilpuram
2022-02-22 18:18 ` [PATCH 09/20] net/dpaa: fix a memory leak when validation fail Weiguo Li
` (11 subsequent siblings)
19 siblings, 1 reply; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When node_add failed and function return, then the memory of 'node'
is leaked.
Fixes: 4435371b8fb1c0 ("net/cnxk: add TM shaper and node operations")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/cnxk/cnxk_tm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/cnxk/cnxk_tm.c b/drivers/net/cnxk/cnxk_tm.c
index 9015a452f8..81afafd5b7 100644
--- a/drivers/net/cnxk/cnxk_tm.c
+++ b/drivers/net/cnxk/cnxk_tm.c
@@ -389,6 +389,7 @@ cnxk_nix_tm_node_add(struct rte_eth_dev *eth_dev, uint32_t node_id,
if (rc < 0) {
error->type = roc_nix_tm_err_to_rte_err(rc);
error->message = roc_error_msg_get(rc);
+ rte_free(node);
return rc;
}
error->type = RTE_TM_ERROR_TYPE_NONE;
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* Re: [PATCH 08/20] net/cnxk: free 'node' memory when node add fail
2022-02-22 18:18 ` [PATCH 08/20] net/cnxk: free 'node' memory when node add fail Weiguo Li
@ 2022-04-07 9:02 ` Nithin Kumar Dabilpuram
0 siblings, 0 replies; 27+ messages in thread
From: Nithin Kumar Dabilpuram @ 2022-04-07 9:02 UTC (permalink / raw)
To: Weiguo Li, dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
Acked-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
On 2/22/22 11:48 PM, Weiguo Li wrote:
> When node_add failed and function return, then the memory of 'node'
> is leaked.
>
> Fixes: 4435371b8fb1c0 ("net/cnxk: add TM shaper and node operations")
>
> Signed-off-by: Weiguo Li <liwg06@foxmail.com>
> ---
> drivers/net/cnxk/cnxk_tm.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/cnxk/cnxk_tm.c b/drivers/net/cnxk/cnxk_tm.c
> index 9015a452f8..81afafd5b7 100644
> --- a/drivers/net/cnxk/cnxk_tm.c
> +++ b/drivers/net/cnxk/cnxk_tm.c
> @@ -389,6 +389,7 @@ cnxk_nix_tm_node_add(struct rte_eth_dev *eth_dev, uint32_t node_id,
> if (rc < 0) {
> error->type = roc_nix_tm_err_to_rte_err(rc);
> error->message = roc_error_msg_get(rc);
> + rte_free(node);
> return rc;
> }
> error->type = RTE_TM_ERROR_TYPE_NONE;
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 09/20] net/dpaa: fix a memory leak when validation fail
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (7 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 08/20] net/cnxk: free 'node' memory when node add fail Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 10/20] net/failsafe: fix a memory leak in error handling Weiguo Li
` (10 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When buf_len validations fails and return, the mbuf is not freed
which caused a memory leak.
Fixes: 8cffdcbe85aa ("net/dpaa: support scattered Rx")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/dpaa/dpaa_rxtx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/dpaa/dpaa_rxtx.c b/drivers/net/dpaa/dpaa_rxtx.c
index 956fe946fa..f66d975969 100644
--- a/drivers/net/dpaa/dpaa_rxtx.c
+++ b/drivers/net/dpaa/dpaa_rxtx.c
@@ -810,6 +810,7 @@ dpaa_eth_mbuf_to_sg_fd(struct rte_mbuf *mbuf,
}
if (temp->buf_len < ((mbuf->nb_segs * sizeof(struct qm_sg_entry))
+ temp->data_off)) {
+ rte_pktmbuf_free(temp);
DPAA_PMD_ERR("Insufficient space in mbuf for SG entries");
return -1;
}
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 10/20] net/failsafe: fix a memory leak in error handling
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (8 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 09/20] net/dpaa: fix a memory leak when validation fail Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 11/20] net/iavf: " Weiguo Li
` (9 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When failed at 'rte_intr_efd_enable()', function returned and 'rxq' is
not freed. So free 'rxq' in error handling to avoid a memory leak. We
can't not use 'goto free_rxq' instead since 'rxq' has not assigned to
'dev->data->rx_queues[rx_queue_id]', thus 'fs_rx_queue_release(dev,...)'
will not work in this case.
Fixes: 9e0360aebf236d ("net/failsafe: register as Rx interrupt mode")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/failsafe/failsafe_ops.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/failsafe/failsafe_ops.c b/drivers/net/failsafe/failsafe_ops.c
index 55e21d635c..4d4e2b248f 100644
--- a/drivers/net/failsafe/failsafe_ops.c
+++ b/drivers/net/failsafe/failsafe_ops.c
@@ -444,6 +444,7 @@ fs_rx_queue_setup(struct rte_eth_dev *dev,
rxq->sdev = PRIV(dev)->subs;
ret = rte_intr_efd_enable(intr_handle, 1);
if (ret < 0) {
+ rte_free(rxq);
fs_unlock(dev, 0);
return ret;
}
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 11/20] net/iavf: fix a memory leak in error handling
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (9 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 10/20] net/failsafe: fix a memory leak in error handling Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 12/20] net/ice: goto clean up lable to avoid memory leak Weiguo Li
` (8 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When function return from this branch, memory for 'items' is not
freed which caused a memory leak.
Fixes: ff2d0c345c3b ("net/iavf: support generic flow API")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/iavf/iavf_generic_flow.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/iavf/iavf_generic_flow.c b/drivers/net/iavf/iavf_generic_flow.c
index 2befa125ac..a733ebc613 100644
--- a/drivers/net/iavf/iavf_generic_flow.c
+++ b/drivers/net/iavf/iavf_generic_flow.c
@@ -2013,6 +2013,7 @@ iavf_search_pattern_match_item(const struct rte_flow_item pattern[],
pattern_match_item = rte_zmalloc("iavf_pattern_match_item",
sizeof(struct iavf_pattern_match_item), 0);
if (!pattern_match_item) {
+ rte_free(items);
rte_flow_error_set(error, ENOMEM, RTE_FLOW_ERROR_TYPE_HANDLE,
NULL, "Failed to allocate memory.");
return NULL;
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 12/20] net/ice: goto clean up lable to avoid memory leak
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (10 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 11/20] net/iavf: " Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 13/20] net/ice: fix memory leaks in error handlings Weiguo Li
` (7 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When function return in this branch, the memories of 'input' and 'rule'
are not released, goto corresponding lable to do the clean up.
Fixes: 40d466fa9f765b ("net/ice: support ACL filter in DCF")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/ice/ice_acl_filter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ice/ice_acl_filter.c b/drivers/net/ice/ice_acl_filter.c
index 8fe6f5aeb0..5ddc5262d4 100644
--- a/drivers/net/ice/ice_acl_filter.c
+++ b/drivers/net/ice/ice_acl_filter.c
@@ -530,7 +530,7 @@ ice_acl_create_filter(struct ice_adapter *ad,
RTE_FLOW_ERROR_TYPE_HANDLE, NULL,
"failed to set hw configure.");
ret = -rte_errno;
- return ret;
+ goto err_acl_set_input;
}
if (flow_type == ICE_FLTR_PTYPE_NONF_IPV4_OTHER) {
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 13/20] net/ice: fix memory leaks in error handlings
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (11 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 12/20] net/ice: goto clean up lable to avoid memory leak Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-06-02 8:04 ` David Marchand
2022-02-22 18:18 ` [PATCH 14/20] net/ice: avoid fix memory leaks in register parser Weiguo Li
` (6 subsequent siblings)
19 siblings, 1 reply; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
The function release 'pkt_buf' and 'msk_buf' when successful. In some
error handlings, 'pkt_buf' and 'msk_buf' were not freed leads to memory
leaks.
To fix it without introducing code redundancy, add and make use of an
'error' lable to do the clean ups for 'pkt_buf' and 'msk_buf'.
Fixes: 1b9c68120a1c50 ("net/ice: enable protocol agnostic flow offloading in RSS")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/ice/ice_hash.c | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ice/ice_hash.c b/drivers/net/ice/ice_hash.c
index afbb357fa3..aed256d57c 100644
--- a/drivers/net/ice/ice_hash.c
+++ b/drivers/net/ice/ice_hash.c
@@ -658,7 +658,7 @@ ice_hash_parse_raw_pattern(struct ice_adapter *ad,
uint8_t spec_len, pkt_len;
uint8_t tmp_val = 0;
uint8_t tmp_c = 0;
- int i, j;
+ int i, j, ret = 0;
raw_spec = item->spec;
raw_mask = item->mask;
@@ -675,9 +675,10 @@ ice_hash_parse_raw_pattern(struct ice_adapter *ad,
return -ENOMEM;
msk_buf = rte_zmalloc(NULL, pkt_len, 0);
- if (!msk_buf)
- return -ENOMEM;
-
+ if (!msk_buf) {
+ ret = -ENOMEM;
+ goto exit;
+ }
/* convert string to int array */
for (i = 0, j = 0; i < spec_len; i += 2, j++) {
tmp_c = raw_spec->pattern[i];
@@ -713,21 +714,28 @@ ice_hash_parse_raw_pattern(struct ice_adapter *ad,
msk_buf[j] = tmp_val * 16 + tmp_c - '0';
}
- if (ice_parser_create(&ad->hw, &psr))
- return -rte_errno;
- if (ice_parser_run(psr, pkt_buf, pkt_len, &rslt))
- return -rte_errno;
+ if (ice_parser_create(&ad->hw, &psr)) {
+ ret = -rte_errno;
+ goto exit;
+ }
+ if (ice_parser_run(psr, pkt_buf, pkt_len, &rslt)) {
+ ret = -rte_errno;
+ goto exit;
+ }
ice_parser_destroy(psr);
if (ice_parser_profile_init(&rslt, pkt_buf, msk_buf,
- pkt_len, ICE_BLK_RSS, true, &prof))
- return -rte_errno;
+ pkt_len, ICE_BLK_RSS, true, &prof)) {
+ ret = -rte_errno;
+ goto exit;
+ }
rte_memcpy(&meta->raw.prof, &prof, sizeof(prof));
+exit:
rte_free(pkt_buf);
rte_free(msk_buf);
- return 0;
+ return ret;
}
static void
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* Re: [PATCH 13/20] net/ice: fix memory leaks in error handlings
2022-02-22 18:18 ` [PATCH 13/20] net/ice: fix memory leaks in error handlings Weiguo Li
@ 2022-06-02 8:04 ` David Marchand
0 siblings, 0 replies; 27+ messages in thread
From: David Marchand @ 2022-06-02 8:04 UTC (permalink / raw)
To: Weiguo Li
Cc: dev, adypodoman, Xiaoyun Li, Zhang, Tianfei, Bruce Richardson,
Ivan Malov, Jakub Grajciar, Harman Kalra, Ying A Wang, Xu, Ting,
simei, Qiming Yang, motih, Shreyansh Jain, Satha Rao,
Stephen Hemminger, Kalesh A P, Somnath Kotur, Declan Doherty,
Akhil Goyal, Nicolas Chautru
On Tue, Feb 22, 2022 at 7:20 PM Weiguo Li <liwg06@foxmail.com> wrote:
> @@ -713,21 +714,28 @@ ice_hash_parse_raw_pattern(struct ice_adapter *ad,
> msk_buf[j] = tmp_val * 16 + tmp_c - '0';
> }
>
> - if (ice_parser_create(&ad->hw, &psr))
> - return -rte_errno;
> - if (ice_parser_run(psr, pkt_buf, pkt_len, &rslt))
> - return -rte_errno;
> + if (ice_parser_create(&ad->hw, &psr)) {
> + ret = -rte_errno;
> + goto exit;
> + }
> + if (ice_parser_run(psr, pkt_buf, pkt_len, &rslt)) {
> + ret = -rte_errno;
> + goto exit;
> + }
This part of the patch seems to conflict.
Can you double check and rebase?
Thanks.
--
David Marchand
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 14/20] net/ice: avoid fix memory leaks in register parser
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (12 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 13/20] net/ice: fix memory leaks in error handlings Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 15/20] net/memif: fix some memory leaks in error handlings Weiguo Li
` (5 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
1) When 'ice_get_parser_list()' fails and return, 'parser_node' is not
released, we can move the parser list action ahead of the memory
allocation to avoid this memory leak.
2) In another error handling branch, we release 'parser_node' directly
to avoid the memory leak.
Fixes: 7615a6895009cb ("net/ice: rework for generic flow enabling")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/ice/ice_generic_flow.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ice/ice_generic_flow.c b/drivers/net/ice/ice_generic_flow.c
index 53b1c0b69a..e3df090186 100644
--- a/drivers/net/ice/ice_generic_flow.c
+++ b/drivers/net/ice/ice_generic_flow.c
@@ -1920,6 +1920,10 @@ ice_register_parser(struct ice_flow_parser *parser,
struct ice_flow_parser_node *existing_node;
void *temp;
+ list = ice_get_parser_list(parser, ad);
+ if (list == NULL)
+ return -EINVAL;
+
parser_node = rte_zmalloc("ice_parser", sizeof(*parser_node), 0);
if (parser_node == NULL) {
PMD_DRV_LOG(ERR, "Failed to allocate memory.");
@@ -1927,10 +1931,6 @@ ice_register_parser(struct ice_flow_parser *parser,
}
parser_node->parser = parser;
- list = ice_get_parser_list(parser, ad);
- if (list == NULL)
- return -EINVAL;
-
if (ad->devargs.pipe_mode_support) {
TAILQ_INSERT_TAIL(list, parser_node, node);
} else {
@@ -1961,6 +1961,7 @@ ice_register_parser(struct ice_flow_parser *parser,
} else if (parser->engine->type == ICE_FLOW_ENGINE_ACL) {
TAILQ_INSERT_HEAD(list, parser_node, node);
} else {
+ rte_free(parser_node);
return -EINVAL;
}
}
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 15/20] net/memif: fix some memory leaks in error handlings
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (13 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 14/20] net/ice: avoid fix memory leaks in register parser Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 16/20] net/sfc: fix a memory leak in error handling Weiguo Li
` (4 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
1) When the validate to 'reply->num_fds' fails, memif_region 'r' is not
released, we can move the validation ahead of the memory allocation to
avoid this memory leak.
2) In some error handlings, functions were returned without releasing the
memory. Fix them altogether in this patch.
Fixes: c41a04958b09 ("net/memif: support multi-process")
Fixes: 43b815d88188 ("net/memif: support zero-copy slave")
Fixes: d61138d4f0e2 ("drivers: remove direct access to interrupt handle")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/memif/rte_eth_memif.c | 32 +++++++++++++++++++++----------
1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/drivers/net/memif/rte_eth_memif.c b/drivers/net/memif/rte_eth_memif.c
index 587ad45576..ddbdeb6241 100644
--- a/drivers/net/memif/rte_eth_memif.c
+++ b/drivers/net/memif/rte_eth_memif.c
@@ -158,6 +158,11 @@ memif_mp_request_regions(struct rte_eth_dev *dev)
reply_param = (struct mp_region_msg *)reply->param;
if (reply_param->size > 0) {
+ if (reply->num_fds < 1) {
+ MIF_LOG(ERR, "Missing file descriptor.");
+ free(reply);
+ return -1;
+ }
r = rte_zmalloc("region", sizeof(struct memif_region), 0);
if (r == NULL) {
MIF_LOG(ERR, "Failed to alloc memif region.");
@@ -165,11 +170,6 @@ memif_mp_request_regions(struct rte_eth_dev *dev)
return -ENOMEM;
}
r->region_size = reply_param->size;
- if (reply->num_fds < 1) {
- MIF_LOG(ERR, "Missing file descriptor.");
- free(reply);
- return -1;
- }
r->fd = reply->fds[0];
r->addr = NULL;
@@ -913,8 +913,10 @@ memif_region_init_zc(const struct rte_memseg_list *msl, const struct rte_memseg
r->addr = msl->base_va;
r->region_size = ms->len;
r->fd = rte_memseg_get_fd(ms);
- if (r->fd < 0)
+ if (r->fd < 0) {
+ rte_free(r);
return -1;
+ }
r->pkt_buffer_offset = 0;
proc_private->regions[proc_private->regions_num - 1] = r;
@@ -1328,6 +1330,7 @@ memif_tx_queue_setup(struct rte_eth_dev *dev,
mq->intr_handle = rte_intr_instance_alloc(RTE_INTR_INSTANCE_F_SHARED);
if (mq->intr_handle == NULL) {
MIF_LOG(ERR, "Failed to allocate intr handle");
+ rte_free(mq);
return -ENOMEM;
}
@@ -1336,11 +1339,15 @@ memif_tx_queue_setup(struct rte_eth_dev *dev,
mq->n_pkts = 0;
mq->n_bytes = 0;
- if (rte_intr_fd_set(mq->intr_handle, -1))
+ if (rte_intr_fd_set(mq->intr_handle, -1)) {
+ rte_free(mq);
return -rte_errno;
+ }
- if (rte_intr_type_set(mq->intr_handle, RTE_INTR_HANDLE_EXT))
+ if (rte_intr_type_set(mq->intr_handle, RTE_INTR_HANDLE_EXT)) {
+ rte_free(mq);
return -rte_errno;
+ }
mq->in_port = dev->data->port_id;
dev->data->tx_queues[qid] = mq;
@@ -1369,6 +1376,7 @@ memif_rx_queue_setup(struct rte_eth_dev *dev,
mq->intr_handle = rte_intr_instance_alloc(RTE_INTR_INSTANCE_F_SHARED);
if (mq->intr_handle == NULL) {
MIF_LOG(ERR, "Failed to allocate intr handle");
+ rte_free(mq);
return -ENOMEM;
}
@@ -1376,11 +1384,15 @@ memif_rx_queue_setup(struct rte_eth_dev *dev,
mq->n_pkts = 0;
mq->n_bytes = 0;
- if (rte_intr_fd_set(mq->intr_handle, -1))
+ if (rte_intr_fd_set(mq->intr_handle, -1)) {
+ rte_free(mq);
return -rte_errno;
+ }
- if (rte_intr_type_set(mq->intr_handle, RTE_INTR_HANDLE_EXT))
+ if (rte_intr_type_set(mq->intr_handle, RTE_INTR_HANDLE_EXT)) {
+ rte_free(mq);
return -rte_errno;
+ }
mq->mempool = mb_pool;
mq->in_port = dev->data->port_id;
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 16/20] net/sfc: fix a memory leak in error handling
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (14 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 15/20] net/memif: fix some memory leaks in error handlings Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-03-03 7:39 ` Andrew Rybchenko
2022-02-22 18:18 ` [PATCH 17/20] net/vmxnet3: fix memory leaks in error handlings Weiguo Li
` (3 subsequent siblings)
19 siblings, 1 reply; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When efx_nic_get_board_info() failed then function return, the
memory in 'id' is not released, this leads to a memory leak.
Fixes: e86b48aa46d4 ("net/sfc: add HW switch ID helpers")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/sfc/sfc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/sfc/sfc.c b/drivers/net/sfc/sfc.c
index 51726d229b..ad1683a512 100644
--- a/drivers/net/sfc/sfc.c
+++ b/drivers/net/sfc/sfc.c
@@ -1423,8 +1423,10 @@ sfc_hw_switch_id_init(struct sfc_adapter *sa,
return ENOMEM;
rc = efx_nic_get_board_info(sa->nic, &board_info);
- if (rc != 0)
+ if (rc != 0) {
+ rte_free(id);
return rc;
+ }
memcpy(id->board_sn, board_info.enbi_serial, sizeof(id->board_sn));
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* Re: [PATCH 16/20] net/sfc: fix a memory leak in error handling
2022-02-22 18:18 ` [PATCH 16/20] net/sfc: fix a memory leak in error handling Weiguo Li
@ 2022-03-03 7:39 ` Andrew Rybchenko
0 siblings, 0 replies; 27+ messages in thread
From: Andrew Rybchenko @ 2022-03-03 7:39 UTC (permalink / raw)
To: Weiguo Li, dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
On 2/22/22 21:18, Weiguo Li wrote:
> When efx_nic_get_board_info() failed then function return, the
> memory in 'id' is not released, this leads to a memory leak.
>
> Fixes: e86b48aa46d4 ("net/sfc: add HW switch ID helpers")
>
> Signed-off-by: Weiguo Li <liwg06@foxmail.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 17/20] net/vmxnet3: fix memory leaks in error handlings
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (15 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 16/20] net/sfc: fix a memory leak in error handling Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:18 ` [PATCH 18/20] raw/ifpga/base: " Weiguo Li
` (2 subsequent siblings)
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
1) in function vmxnet3_dev_tx_queue_setup():
The momory of 'txq' is stored to 'dev->data->tx_queues[queue_idx]'
at the end of the function. When function returned early in the
error handling, 'txq' is not released which leads to a memory leak.
2) in function vmxnet3_dev_rx_queue_setup():
Same reason to case 1) with memory 'rxq'.
Fixes: dfaff37fc46d ("vmxnet3: import new vmxnet3 poll mode driver implementation")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/vmxnet3/vmxnet3_rxtx.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/net/vmxnet3/vmxnet3_rxtx.c b/drivers/net/vmxnet3/vmxnet3_rxtx.c
index d745064bc4..3d1c6080e8 100644
--- a/drivers/net/vmxnet3/vmxnet3_rxtx.c
+++ b/drivers/net/vmxnet3/vmxnet3_rxtx.c
@@ -1057,10 +1057,12 @@ vmxnet3_dev_tx_queue_setup(struct rte_eth_dev *dev,
/* Tx vmxnet ring length should be between 512-4096 */
if (nb_desc < VMXNET3_DEF_TX_RING_SIZE) {
+ rte_free(txq);
PMD_INIT_LOG(ERR, "VMXNET3 Tx Ring Size Min: %u",
VMXNET3_DEF_TX_RING_SIZE);
return -EINVAL;
} else if (nb_desc > VMXNET3_TX_RING_MAX_SIZE) {
+ rte_free(txq);
PMD_INIT_LOG(ERR, "VMXNET3 Tx Ring Size Max: %u",
VMXNET3_TX_RING_MAX_SIZE);
return -EINVAL;
@@ -1084,6 +1086,7 @@ vmxnet3_dev_tx_queue_setup(struct rte_eth_dev *dev,
mz = rte_eth_dma_zone_reserve(dev, "txdesc", queue_idx, size,
VMXNET3_RING_BA_ALIGN, socket_id);
if (mz == NULL) {
+ rte_free(txq);
PMD_INIT_LOG(ERR, "ERROR: Creating queue descriptors zone");
return -ENOMEM;
}
@@ -1108,6 +1111,7 @@ vmxnet3_dev_tx_queue_setup(struct rte_eth_dev *dev,
ring->buf_info = rte_zmalloc("tx_ring_buf_info",
ring->size * sizeof(vmxnet3_buf_info_t), RTE_CACHE_LINE_SIZE);
if (ring->buf_info == NULL) {
+ rte_free(txq);
PMD_INIT_LOG(ERR, "ERROR: Creating tx_buf_info structure");
return -ENOMEM;
}
@@ -1163,9 +1167,11 @@ vmxnet3_dev_rx_queue_setup(struct rte_eth_dev *dev,
/* Rx vmxnet rings length should be between 256-4096 */
if (nb_desc < VMXNET3_DEF_RX_RING_SIZE) {
+ rte_free(rxq);
PMD_INIT_LOG(ERR, "VMXNET3 Rx Ring Size Min: 256");
return -EINVAL;
} else if (nb_desc > VMXNET3_RX_RING_MAX_SIZE) {
+ rte_free(rxq);
PMD_INIT_LOG(ERR, "VMXNET3 Rx Ring Size Max: 4096");
return -EINVAL;
} else {
@@ -1195,6 +1201,7 @@ vmxnet3_dev_rx_queue_setup(struct rte_eth_dev *dev,
mz = rte_eth_dma_zone_reserve(dev, "rxdesc", queue_idx, size,
VMXNET3_RING_BA_ALIGN, socket_id);
if (mz == NULL) {
+ rte_free(rxq);
PMD_INIT_LOG(ERR, "ERROR: Creating queue descriptors zone");
return -ENOMEM;
}
@@ -1233,6 +1240,7 @@ vmxnet3_dev_rx_queue_setup(struct rte_eth_dev *dev,
ring->size * sizeof(vmxnet3_buf_info_t),
RTE_CACHE_LINE_SIZE);
if (ring->buf_info == NULL) {
+ rte_free(rxq);
PMD_INIT_LOG(ERR, "ERROR: Creating rx_buf_info structure");
return -ENOMEM;
}
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 18/20] raw/ifpga/base: fix memory leaks in error handlings
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (16 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 17/20] net/vmxnet3: fix memory leaks in error handlings Weiguo Li
@ 2022-02-22 18:18 ` Weiguo Li
2022-02-22 18:28 ` [PATCH 19/20] raw/ntb: fix some " Weiguo Li
2022-02-22 18:28 ` [PATCH 20/20] regex/mlx5: fix a memory leak in error handling Weiguo Li
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:18 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
1) in ifpga_enumerate.c:
The memory 'feature' is stored by TAILQ_INSERT_TAIL() at the end of the
function. When function returned early in error handling, 'feature' is
not released and leads to a memory leak.
2) in opae_eth_group.c and opae_i2c.c
These function return 'dev' when success and return NULL when validation
failed or some error occur. In the latter case 'dev' is not released and
leads to a memory leak.
Fixes: 56bb54ea1bdf ("raw/ifpga/base: add Intel FPGA OPAE share code")
Fixes: 12f92a513a13 ("raw/ifpga/base: fix retimer link status")
Fixes: 15d21c851028 ("raw/ifpga/base: add I2C and at24 EEPROM driver")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/raw/ifpga/base/ifpga_enumerate.c | 10 ++++++++--
drivers/raw/ifpga/base/opae_eth_group.c | 1 +
drivers/raw/ifpga/base/opae_i2c.c | 5 ++++-
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/raw/ifpga/base/ifpga_enumerate.c b/drivers/raw/ifpga/base/ifpga_enumerate.c
index 48b8af4587..ae7bc9326d 100644
--- a/drivers/raw/ifpga/base/ifpga_enumerate.c
+++ b/drivers/raw/ifpga/base/ifpga_enumerate.c
@@ -100,12 +100,16 @@ build_info_add_sub_feature(struct build_feature_devs_info *binfo,
(unsigned long long)feature->phys_addr, size);
if (vec_cnt) {
- if (vec_start + vec_cnt <= vec_start)
+ if (vec_start + vec_cnt <= vec_start) {
+ opae_free(feature);
return -EINVAL;
+ }
ctx = zmalloc(sizeof(*ctx) * vec_cnt);
- if (!ctx)
+ if (!ctx) {
+ opae_free(feature);
return -ENOMEM;
+ }
for (i = 0; i < vec_cnt; i++) {
ctx[i].eventfd = -1;
@@ -130,6 +134,8 @@ build_info_add_sub_feature(struct build_feature_devs_info *binfo,
TAILQ_INSERT_TAIL(&hw->port[port_id].feature_list,
feature, next);
} else {
+ opae_free(feature->ctx);
+ opae_free(feature);
return -EFAULT;
}
return ret;
diff --git a/drivers/raw/ifpga/base/opae_eth_group.c b/drivers/raw/ifpga/base/opae_eth_group.c
index be28954e05..cd9b2443c7 100644
--- a/drivers/raw/ifpga/base/opae_eth_group.c
+++ b/drivers/raw/ifpga/base/opae_eth_group.c
@@ -297,6 +297,7 @@ struct eth_group_device *eth_group_probe(void *base)
if (eth_group_hw_init(dev)) {
dev_err(dev, "eth group hw init fail\n");
+ opae_free(dev);
return NULL;
}
diff --git a/drivers/raw/ifpga/base/opae_i2c.c b/drivers/raw/ifpga/base/opae_i2c.c
index 598eab5742..0a9abff14d 100644
--- a/drivers/raw/ifpga/base/opae_i2c.c
+++ b/drivers/raw/ifpga/base/opae_i2c.c
@@ -479,6 +479,7 @@ struct altera_i2c_dev *altera_i2c_probe(void *base)
if (dev->i2c_param.devid != 0xEE011) {
dev_err(dev, "find a invalid i2c master\n");
+ opae_free(dev);
return NULL;
}
@@ -494,8 +495,10 @@ struct altera_i2c_dev *altera_i2c_probe(void *base)
dev->i2c_clk = dev->i2c_param.ref_clk * 1000000;
dev->xfer = altera_i2c_xfer;
- if (pthread_mutex_init(&dev->lock, NULL))
+ if (pthread_mutex_init(&dev->lock, NULL)) {
+ opae_free(dev);
return NULL;
+ }
dev->mutex = &dev->lock;
altera_i2c_hardware_init(dev);
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 19/20] raw/ntb: fix some memory leaks in error handlings
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (17 preceding siblings ...)
2022-02-22 18:18 ` [PATCH 18/20] raw/ifpga/base: " Weiguo Li
@ 2022-02-22 18:28 ` Weiguo Li
2022-02-22 18:28 ` [PATCH 20/20] regex/mlx5: fix a memory leak in error handling Weiguo Li
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:28 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
1) in ntb_rxq_setup():
When 'rxq_conf->rx_mp' validation failed and return, the memory to
'rxq' is leaked. We can move the validation ahead the allocation for
'rxq' to avoid it.
2) in ntb_txq_setup():
The memory 'txq' is stored to 'hw->tx_queues[qp_id]' at the end of
the function when successful. When the validation failed then function
returned early, 'rxq' is not released which leads to a memory leak.
Fixes: c39d1e082a4b ("raw/ntb: setup queues")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/raw/ntb/ntb.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/raw/ntb/ntb.c b/drivers/raw/ntb/ntb.c
index f5e773c53b..532c5141f0 100644
--- a/drivers/raw/ntb/ntb.c
+++ b/drivers/raw/ntb/ntb.c
@@ -314,6 +314,10 @@ ntb_rxq_setup(struct rte_rawdev *dev,
if (conf_size != sizeof(*rxq_conf))
return -EINVAL;
+ if (rxq_conf->rx_mp == NULL) {
+ NTB_LOG(ERR, "Invalid null mempool pointer.");
+ return -EINVAL;
+ }
/* Allocate the rx queue data structure */
rxq = rte_zmalloc_socket("ntb rx queue",
sizeof(struct ntb_rx_queue),
@@ -325,10 +329,6 @@ ntb_rxq_setup(struct rte_rawdev *dev,
return -ENOMEM;
}
- if (rxq_conf->rx_mp == NULL) {
- NTB_LOG(ERR, "Invalid null mempool pointer.");
- return -EINVAL;
- }
rxq->nb_rx_desc = rxq_conf->nb_desc;
rxq->mpool = rxq_conf->rx_mp;
rxq->port_id = dev->dev_id;
@@ -445,6 +445,7 @@ ntb_txq_setup(struct rte_rawdev *dev,
NTB_LOG(ERR, "tx_free_thresh must be less than nb_desc - 3. "
"(tx_free_thresh=%u qp_id=%u)", txq->tx_free_thresh,
qp_id);
+ ntb_txq_release(txq);
return -EINVAL;
}
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH 20/20] regex/mlx5: fix a memory leak in error handling
[not found] <cover.1645551559.git.liwg06@foxmail.com>
` (18 preceding siblings ...)
2022-02-22 18:28 ` [PATCH 19/20] raw/ntb: fix some " Weiguo Li
@ 2022-02-22 18:28 ` Weiguo Li
19 siblings, 0 replies; 27+ messages in thread
From: Weiguo Li @ 2022-02-22 18:28 UTC (permalink / raw)
To: dev
Cc: adypodoman, xiaoyun.li, tianfei.zhang, bruce.richardson,
ivan.malov, jgrajcia, hkalra, ying.a.wang, ting.xu, simei.su,
qiming.yang, motih, shreyansh.jain, skoteshwar, stephen,
kalesh-anakkur.purayil, somnath.kotur, declan.doherty, gakhil,
nicolas.chautru
When rxp_create_mkey() failed the function return, 'ptr' was not
freed which caused a memory leak.
Fixes: 9fa82d287f65 ("regex/mlx5: move RXP to CrSpace")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/regex/mlx5/mlx5_rxp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/regex/mlx5/mlx5_rxp.c b/drivers/regex/mlx5/mlx5_rxp.c
index ed3af15e40..4da29a2a06 100644
--- a/drivers/regex/mlx5/mlx5_rxp.c
+++ b/drivers/regex/mlx5/mlx5_rxp.c
@@ -117,8 +117,10 @@ mlx5_regex_rules_db_import(struct rte_regexdev *dev,
rte_memcpy(ptr, rule_db, rule_db_len);
/* Register umem and create rof mkey. */
ret = rxp_create_mkey(priv, ptr, rule_db_len, /*access=*/7, &mkey);
- if (ret < 0)
+ if (ret < 0) {
+ rte_free(ptr);
return ret;
+ }
for (id = 0; id < priv->nb_engines; id++) {
ret = mlx5_devx_regex_rules_program(priv->cdev->ctx, id,
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread