LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Martyna Szapar <martyna.szapar@intel.com>,
	Jeff Kirsher <jeffrey.t.kirsher@intel.com>,
	Sasha Levin <sashal@kernel.org>,
	netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.1 013/375] i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
Date: Wed, 22 May 2019 15:15:13 -0400	[thread overview]
Message-ID: <20190522192115.22666-13-sashal@kernel.org> (raw)
In-Reply-To: <20190522192115.22666-1-sashal@kernel.org>

From: Martyna Szapar <martyna.szapar@intel.com>

[ Upstream commit 24474f2709af6729b9b1da1c5e160ab62e25e3a4 ]

Fixed possible memory leak in i40e_vc_add_cloud_filter function:
cfilter is being allocated and in some error conditions
the function returns without freeing the memory.

Fix of integer truncation from u16 (type of queue_id value) to u8
when calling i40e_vc_isvalid_queue_id function.

Signed-off-by: Martyna Szapar <martyna.szapar@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/ethernet/intel/i40e/i40e_virtchnl_pf.c   | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
index 831d52bc3c9ae..0b5b867c9fbcb 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
@@ -181,7 +181,7 @@ static inline bool i40e_vc_isvalid_vsi_id(struct i40e_vf *vf, u16 vsi_id)
  * check for the valid queue id
  **/
 static inline bool i40e_vc_isvalid_queue_id(struct i40e_vf *vf, u16 vsi_id,
-					    u8 qid)
+					    u16 qid)
 {
 	struct i40e_pf *pf = vf->pf;
 	struct i40e_vsi *vsi = i40e_find_vsi_from_id(pf, vsi_id);
@@ -3374,7 +3374,7 @@ static int i40e_vc_add_cloud_filter(struct i40e_vf *vf, u8 *msg)
 
 	if (!test_bit(I40E_VF_STATE_ACTIVE, &vf->vf_states)) {
 		aq_ret = I40E_ERR_PARAM;
-		goto err;
+		goto err_out;
 	}
 
 	if (!vf->adq_enabled) {
@@ -3382,7 +3382,7 @@ static int i40e_vc_add_cloud_filter(struct i40e_vf *vf, u8 *msg)
 			 "VF %d: ADq is not enabled, can't apply cloud filter\n",
 			 vf->vf_id);
 		aq_ret = I40E_ERR_PARAM;
-		goto err;
+		goto err_out;
 	}
 
 	if (i40e_validate_cloud_filter(vf, vcf)) {
@@ -3390,7 +3390,7 @@ static int i40e_vc_add_cloud_filter(struct i40e_vf *vf, u8 *msg)
 			 "VF %d: Invalid input/s, can't apply cloud filter\n",
 			 vf->vf_id);
 		aq_ret = I40E_ERR_PARAM;
-		goto err;
+		goto err_out;
 	}
 
 	cfilter = kzalloc(sizeof(*cfilter), GFP_KERNEL);
@@ -3451,13 +3451,17 @@ static int i40e_vc_add_cloud_filter(struct i40e_vf *vf, u8 *msg)
 			"VF %d: Failed to add cloud filter, err %s aq_err %s\n",
 			vf->vf_id, i40e_stat_str(&pf->hw, ret),
 			i40e_aq_str(&pf->hw, pf->hw.aq.asq_last_status));
-		goto err;
+		goto err_free;
 	}
 
 	INIT_HLIST_NODE(&cfilter->cloud_node);
 	hlist_add_head(&cfilter->cloud_node, &vf->cloud_filter_list);
+	/* release the pointer passing it to the collection */
+	cfilter = NULL;
 	vf->num_cloud_filters++;
-err:
+err_free:
+	kfree(cfilter);
+err_out:
 	return i40e_vc_send_resp_to_vf(vf, VIRTCHNL_OP_ADD_CLOUD_FILTER,
 				       aq_ret);
 }
-- 
2.20.1


  parent reply	other threads:[~2019-05-22 19:21 UTC|newest]

Thread overview: 88+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-22 19:15 [PATCH AUTOSEL 5.1 001/375] gfs2: Fix lru_count going negative Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 002/375] cxgb4: Fix error path in cxgb4_init_module Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 003/375] afs: Fix getting the afs.fid xattr Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 004/375] NFS: make nfs_match_client killable Sasha Levin
2019-05-23 15:02   ` Benjamin Coddington
2019-05-29 18:46     ` Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 005/375] gfs2: fix race between gfs2_freeze_func and unmount Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 006/375] io_uring: use cpu_online() to check p->sq_thread_cpu instead of cpu_possible() Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 007/375] IB/hfi1: Fix WQ_MEM_RECLAIM warning Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 008/375] gfs2: Fix occasional glock use-after-free Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 009/375] mmc: core: Verify SD bus width Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 010/375] batman-adv: mcast: fix multicast tt/tvlv worker locking Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 011/375] ip6: fix skb leak in ip6frag_expire_frag_queue() Sasha Levin
2019-05-23  7:47   ` Stefan Bader
2019-05-29 18:48     ` Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 012/375] tools/bpf: fix perf build error with uClibc (seen on ARC) Sasha Levin
2019-05-22 19:15 ` Sasha Levin [this message]
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 014/375] libbpf: fix invalid munmap call Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 015/375] selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 016/375] bpftool: exclude bash-completion/bpftool from .gitignore pattern Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 017/375] ice: Separate if conditions for ice_set_features() Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 018/375] ice: Preserve VLAN Rx stripping settings Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 019/375] blk-mq: split blk_mq_alloc_and_init_hctx into two parts Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 020/375] blk-mq: grab .q_usage_counter when queuing request from plug code path Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 021/375] dmaengine: tegra210-dma: free dma controller in remove() Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 022/375] net: ena: gcc 8: fix compilation warning Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 023/375] net: ena: fix: set freed objects to NULL to avoid failing future allocations Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 024/375] hv_netvsc: fix race that may miss tx queue wakeup Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 025/375] orangefs: truncate before updating size Sasha Levin
2019-05-22 21:44   ` martin
2019-05-29 18:51     ` Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 026/375] Bluetooth: Ignore CC events not matching the last HCI command Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 027/375] pinctrl: zte: fix leaked of_node references Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 028/375] ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 029/375] usb: dwc2: gadget: Increase descriptors count for ISOC's Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 030/375] usb: dwc3: move synchronize_irq() out of the spinlock protected block Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 031/375] usb: gadget: f_fs: don't free buffer prematurely Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 032/375] ASoC: hdmi-codec: unlock the device on startup errors Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 033/375] leds: avoid races with workqueue Sasha Levin
2019-05-24 22:55   ` Pavel Machek
2019-05-29 18:51     ` Sasha Levin
2019-06-17 15:57       ` Pavel Machek
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 034/375] powerpc/perf: Return accordingly on invalid chip-id in Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 035/375] powerpc/boot: Fix missing check of lseek() return value Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 036/375] powerpc/perf: Fix loop exit condition in nest_imc_event_init Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 037/375] spi: atmel-quadspi: fix crash while suspending Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 038/375] ASoC: imx: fix fiq dependencies Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 039/375] spi: pxa2xx: fix SCR (divisor) calculation Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 040/375] net/mlx5: E-Switch, Use atomic rep state to serialize state change Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 041/375] brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 042/375] ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 043/375] drm/nouveau/bar/nv50: ensure BAR is mapped Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 044/375] media: stm32-dcmi: return appropriate error codes during probe Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 045/375] ARM: vdso: Remove dependency with the arch_timer driver internals Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 046/375] arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 047/375] mt76: remove mt76_queue dependency from tx_queue_skb function pointer Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 048/375] x86/ftrace: Set trampoline pages as executable Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 049/375] powerpc/watchdog: Use hrtimers for per-CPU heartbeat Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 050/375] cpufreq: Fix kobject memleak Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 051/375] scsi: qla2xxx: Fix a qla24xx_enable_msix() error path Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 052/375] scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 053/375] scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 054/375] scsi: qla2xxx: Fix hardirq-unsafe locking Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 055/375] x86/modules: Avoid breaking W^X while loading modules Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 056/375] Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 057/375] btrfs: fix panic during relocation after ENOSPC before writeback happens Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 058/375] btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan Sasha Levin
2019-05-22 19:15 ` [PATCH AUTOSEL 5.1 059/375] btrfs: Don't panic when we can't find a root key Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 060/375] iwlwifi: pcie: don't crash on invalid RX interrupt Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 061/375] rtc: 88pm860x: prevent use-after-free on device remove Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 062/375] rtc: stm32: manage the get_irq probe defer case Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 063/375] scsi: qedi: Abort ep termination if offload not scheduled Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 064/375] s390/kexec_file: Fix detection of text segment in ELF loader Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 065/375] ALSA: hda: fix unregister device twice on ASoC driver Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 066/375] sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 067/375] net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 068/375] w1: fix the resume command API Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 069/375] net: hns3: fix pause configure fail problem Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 070/375] net: hns3: fix for TX clean num when cleaning TX BD Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 071/375] net: phy: improve genphy_soft_reset Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 072/375] s390: qeth: address type mismatch warning Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 073/375] arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 074/375] net: hns3: use atomic_t replace u32 for arq's count Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 075/375] dmaengine: pl330: _stop: clear interrupt status Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 076/375] mac80211/cfg80211: update bss channel on channel switch Sasha Levin
2019-05-22 19:16 ` [PATCH AUTOSEL 5.1 077/375] USB: serial: fix initial-termios handling Sasha Levin
2019-05-23  5:26   ` Johan Hovold
2019-05-29 18:56     ` Sasha Levin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190522192115.22666-13-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=jeffrey.t.kirsher@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=martyna.szapar@intel.com \
    --cc=netdev@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --subject='Re: [PATCH AUTOSEL 5.1 013/375] i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).