eal: fix memory leak in uevent parse and process

Message ID 1590231141-30684-1-git-send-email-wangyunjian@huawei.com (mailing list archive)
State Accepted, archived
Delegated to: David Marchand
Headers
Series eal: fix memory leak in uevent parse and process |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-nxp-Performance success Performance Testing PASS
ci/Intel-compilation success Compilation OK
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-testing fail Testing issues
ci/travis-robot success Travis build: passed

Commit Message

Yunjian Wang May 23, 2020, 10:52 a.m. UTC
From: Yunjian Wang <wangyunjian@huawei.com>

When the memory for uevent.devname is allocated in dev_uev_parse(). It
is not freed when parse the subsystem layer fails in dev_uev_parse().
And Before return, it is also not freed in dev_uev_handler(). These
cause a memory leak.

Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
Cc: stable@dpdk.org

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
---
 lib/librte_eal/linux/eal_dev.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
  

Comments

Yunjian Wang July 17, 2020, 11:44 a.m. UTC | #1
Is there any ideas on this bug?
Ping for review, please.

Yunjian

> -----Original Message-----
> From: wangyunjian
> Sent: Saturday, May 23, 2020 6:52 PM
> To: dev@dpdk.org
> Cc: Lilijun (Jerry) <jerry.lilijun@huawei.com>; xudingke
> <xudingke@huawei.com>; wangyunjian <wangyunjian@huawei.com>;
> stable@dpdk.org
> Subject: [dpdk-dev] [PATCH] eal: fix memory leak in uevent parse and process
> 
> From: Yunjian Wang <wangyunjian@huawei.com>
> 
> When the memory for uevent.devname is allocated in dev_uev_parse(). It is not
> freed when parse the subsystem layer fails in dev_uev_parse().
> And Before return, it is also not freed in dev_uev_handler(). These cause a
> memory leak.
> 
> Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
>  lib/librte_eal/linux/eal_dev.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/librte_eal/linux/eal_dev.c b/lib/librte_eal/linux/eal_dev.c index
> 83c9cd660..3a2bf8514 100644
> --- a/lib/librte_eal/linux/eal_dev.c
> +++ b/lib/librte_eal/linux/eal_dev.c
> @@ -189,7 +189,7 @@ dev_uev_parse(const char *buf, struct rte_dev_event
> *event, int length)
>  	else if (!strncmp(subsystem, "vfio", 4))
>  		event->subsystem = EAL_DEV_EVENT_SUBSYSTEM_VFIO;
>  	else
> -		return -1;
> +		goto out;
> 
>  	/* parse the action type */
>  	if (!strncmp(action, "add", 3))
> @@ -197,8 +197,12 @@ dev_uev_parse(const char *buf, struct rte_dev_event
> *event, int length)
>  	else if (!strncmp(action, "remove", 6))
>  		event->type = RTE_DEV_EVENT_REMOVE;
>  	else
> -		return -1;
> +		goto out;
>  	return 0;
> +out:
> +	if (event->devname)
> +		free(event->devname);
> +	return -1;
>  }
> 
>  static void
> @@ -277,12 +281,14 @@ dev_uev_handler(__rte_unused void *param)
>  			rte_spinlock_unlock(&failure_handle_lock);
>  		}
>  		rte_dev_event_callback_process(uevent.devname, uevent.type);
> +		free(uevent.devname);
>  	}
> 
>  	return;
> 
>  failure_handle_err:
>  	rte_spinlock_unlock(&failure_handle_lock);
> +	free(uevent.devname);
>  }
> 
>  int
> --
> 2.23.0
>
  
David Marchand Oct. 20, 2020, 2:07 p.m. UTC | #2
On Sat, May 23, 2020 at 12:52 PM wangyunjian <wangyunjian@huawei.com> wrote:
>
> From: Yunjian Wang <wangyunjian@huawei.com>
>
> When the memory for uevent.devname is allocated in dev_uev_parse(). It
> is not freed when parse the subsystem layer fails in dev_uev_parse().
> And Before return, it is also not freed in dev_uev_handler(). These
> cause a memory leak.
>
> Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
> Cc: stable@dpdk.org
>
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
>  lib/librte_eal/linux/eal_dev.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/lib/librte_eal/linux/eal_dev.c b/lib/librte_eal/linux/eal_dev.c
> index 83c9cd660..3a2bf8514 100644
> --- a/lib/librte_eal/linux/eal_dev.c
> +++ b/lib/librte_eal/linux/eal_dev.c
> @@ -189,7 +189,7 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
>         else if (!strncmp(subsystem, "vfio", 4))
>                 event->subsystem = EAL_DEV_EVENT_SUBSYSTEM_VFIO;
>         else
> -               return -1;
> +               goto out;

Changed label as err.


>
>         /* parse the action type */
>         if (!strncmp(action, "add", 3))
> @@ -197,8 +197,12 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
>         else if (!strncmp(action, "remove", 6))
>                 event->type = RTE_DEV_EVENT_REMOVE;
>         else
> -               return -1;
> +               goto out;
>         return 0;
> +out:
> +       if (event->devname)

No need for this check.
Removed while applying.


> +               free(event->devname);
> +       return -1;
>  }
>
>  static void
> @@ -277,12 +281,14 @@ dev_uev_handler(__rte_unused void *param)
>                         rte_spinlock_unlock(&failure_handle_lock);
>                 }
>                 rte_dev_event_callback_process(uevent.devname, uevent.type);
> +               free(uevent.devname);
>         }
>
>         return;
>
>  failure_handle_err:
>         rte_spinlock_unlock(&failure_handle_lock);
> +       free(uevent.devname);
>  }
>
>  int
> --
> 2.23.0

Reviewed-by: David Marchand <david.marchand@redhat.com>

Applied, thanks.
  

Patch

diff --git a/lib/librte_eal/linux/eal_dev.c b/lib/librte_eal/linux/eal_dev.c
index 83c9cd660..3a2bf8514 100644
--- a/lib/librte_eal/linux/eal_dev.c
+++ b/lib/librte_eal/linux/eal_dev.c
@@ -189,7 +189,7 @@  dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
 	else if (!strncmp(subsystem, "vfio", 4))
 		event->subsystem = EAL_DEV_EVENT_SUBSYSTEM_VFIO;
 	else
-		return -1;
+		goto out;
 
 	/* parse the action type */
 	if (!strncmp(action, "add", 3))
@@ -197,8 +197,12 @@  dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
 	else if (!strncmp(action, "remove", 6))
 		event->type = RTE_DEV_EVENT_REMOVE;
 	else
-		return -1;
+		goto out;
 	return 0;
+out:
+	if (event->devname)
+		free(event->devname);
+	return -1;
 }
 
 static void
@@ -277,12 +281,14 @@  dev_uev_handler(__rte_unused void *param)
 			rte_spinlock_unlock(&failure_handle_lock);
 		}
 		rte_dev_event_callback_process(uevent.devname, uevent.type);
+		free(uevent.devname);
 	}
 
 	return;
 
 failure_handle_err:
 	rte_spinlock_unlock(&failure_handle_lock);
+	free(uevent.devname);
 }
 
 int