Commit 68440cf0 authored Jun 17, 2024 by José Expósito Committed by Zeng Heng Jun 17, 2024

IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()

stable inclusion
from stable-v4.19.223
commit 0aaec9c5f60754b56f84460ea439b8c5e91f4caa
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RD02
CVE: CVE-2021-47485

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0aaec9c5f60754b56f84460ea439b8c5e91f4caa

--------------------------------

[ Upstream commit bee90911 ]

The wrong goto label was used for the error case and missed cleanup of the
pkt allocation.

Fixes: d39bf40e ("IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields")
Link: https://lore.kernel.org/r/20211208175238.29983-1-jose.exposito89@gmail.com


Addresses-Coverity-ID: 1493352 ("Resource leak")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Acked-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Zeng Heng <zengheng4@huawei.com>

parent d80e8a91

drivers/infiniband/hw/qib/qib_user_sdma.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -945,7 +945,7 @@ static int qib_user_sdma_queue_pkts(const struct qib_devdata *dd,
		&addrlimit) \|\|
		addrlimit > type_max(typeof(pkt->addrlimit))) {
		ret = -EINVAL;
		goto free_pbc;
		goto free_pkt;
		}
		pkt->addrlimit = addrlimit;