eal: fix memory leak in uevent parse and process
Checks
Commit Message
From: Yunjian Wang <wangyunjian@huawei.com>
When the memory for uevent.devname is allocated in dev_uev_parse(). It
is not freed when parse the subsystem layer fails in dev_uev_parse().
And Before return, it is also not freed in dev_uev_handler(). These
cause a memory leak.
Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
---
lib/librte_eal/linux/eal_dev.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
Comments
Is there any ideas on this bug?
Ping for review, please.
Yunjian
> -----Original Message-----
> From: wangyunjian
> Sent: Saturday, May 23, 2020 6:52 PM
> To: dev@dpdk.org
> Cc: Lilijun (Jerry) <jerry.lilijun@huawei.com>; xudingke
> <xudingke@huawei.com>; wangyunjian <wangyunjian@huawei.com>;
> stable@dpdk.org
> Subject: [dpdk-dev] [PATCH] eal: fix memory leak in uevent parse and process
>
> From: Yunjian Wang <wangyunjian@huawei.com>
>
> When the memory for uevent.devname is allocated in dev_uev_parse(). It is not
> freed when parse the subsystem layer fails in dev_uev_parse().
> And Before return, it is also not freed in dev_uev_handler(). These cause a
> memory leak.
>
> Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
> Cc: stable@dpdk.org
>
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
> lib/librte_eal/linux/eal_dev.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/lib/librte_eal/linux/eal_dev.c b/lib/librte_eal/linux/eal_dev.c index
> 83c9cd660..3a2bf8514 100644
> --- a/lib/librte_eal/linux/eal_dev.c
> +++ b/lib/librte_eal/linux/eal_dev.c
> @@ -189,7 +189,7 @@ dev_uev_parse(const char *buf, struct rte_dev_event
> *event, int length)
> else if (!strncmp(subsystem, "vfio", 4))
> event->subsystem = EAL_DEV_EVENT_SUBSYSTEM_VFIO;
> else
> - return -1;
> + goto out;
>
> /* parse the action type */
> if (!strncmp(action, "add", 3))
> @@ -197,8 +197,12 @@ dev_uev_parse(const char *buf, struct rte_dev_event
> *event, int length)
> else if (!strncmp(action, "remove", 6))
> event->type = RTE_DEV_EVENT_REMOVE;
> else
> - return -1;
> + goto out;
> return 0;
> +out:
> + if (event->devname)
> + free(event->devname);
> + return -1;
> }
>
> static void
> @@ -277,12 +281,14 @@ dev_uev_handler(__rte_unused void *param)
> rte_spinlock_unlock(&failure_handle_lock);
> }
> rte_dev_event_callback_process(uevent.devname, uevent.type);
> + free(uevent.devname);
> }
>
> return;
>
> failure_handle_err:
> rte_spinlock_unlock(&failure_handle_lock);
> + free(uevent.devname);
> }
>
> int
> --
> 2.23.0
>
On Sat, May 23, 2020 at 12:52 PM wangyunjian <wangyunjian@huawei.com> wrote:
>
> From: Yunjian Wang <wangyunjian@huawei.com>
>
> When the memory for uevent.devname is allocated in dev_uev_parse(). It
> is not freed when parse the subsystem layer fails in dev_uev_parse().
> And Before return, it is also not freed in dev_uev_handler(). These
> cause a memory leak.
>
> Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
> Cc: stable@dpdk.org
>
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
> lib/librte_eal/linux/eal_dev.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/lib/librte_eal/linux/eal_dev.c b/lib/librte_eal/linux/eal_dev.c
> index 83c9cd660..3a2bf8514 100644
> --- a/lib/librte_eal/linux/eal_dev.c
> +++ b/lib/librte_eal/linux/eal_dev.c
> @@ -189,7 +189,7 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
> else if (!strncmp(subsystem, "vfio", 4))
> event->subsystem = EAL_DEV_EVENT_SUBSYSTEM_VFIO;
> else
> - return -1;
> + goto out;
Changed label as err.
>
> /* parse the action type */
> if (!strncmp(action, "add", 3))
> @@ -197,8 +197,12 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
> else if (!strncmp(action, "remove", 6))
> event->type = RTE_DEV_EVENT_REMOVE;
> else
> - return -1;
> + goto out;
> return 0;
> +out:
> + if (event->devname)
No need for this check.
Removed while applying.
> + free(event->devname);
> + return -1;
> }
>
> static void
> @@ -277,12 +281,14 @@ dev_uev_handler(__rte_unused void *param)
> rte_spinlock_unlock(&failure_handle_lock);
> }
> rte_dev_event_callback_process(uevent.devname, uevent.type);
> + free(uevent.devname);
> }
>
> return;
>
> failure_handle_err:
> rte_spinlock_unlock(&failure_handle_lock);
> + free(uevent.devname);
> }
>
> int
> --
> 2.23.0
Reviewed-by: David Marchand <david.marchand@redhat.com>
Applied, thanks.
@@ -189,7 +189,7 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
else if (!strncmp(subsystem, "vfio", 4))
event->subsystem = EAL_DEV_EVENT_SUBSYSTEM_VFIO;
else
- return -1;
+ goto out;
/* parse the action type */
if (!strncmp(action, "add", 3))
@@ -197,8 +197,12 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
else if (!strncmp(action, "remove", 6))
event->type = RTE_DEV_EVENT_REMOVE;
else
- return -1;
+ goto out;
return 0;
+out:
+ if (event->devname)
+ free(event->devname);
+ return -1;
}
static void
@@ -277,12 +281,14 @@ dev_uev_handler(__rte_unused void *param)
rte_spinlock_unlock(&failure_handle_lock);
}
rte_dev_event_callback_process(uevent.devname, uevent.type);
+ free(uevent.devname);
}
return;
failure_handle_err:
rte_spinlock_unlock(&failure_handle_lock);
+ free(uevent.devname);
}
int