In the function xdp_umem_pin_pages, if npgs != umem->npgs and
npgs >= 0, the function xdp_umem_unpin_pages is called. In this
function, kfree is called to handle umem->pgs, and then in the
function xdp_umem_pin_pages, kfree is called again to handle
umem->pgs. Eventually, to umem->pgs, kfree is called twice.
Since umem->pgs is set to NULL after the first kfree, the second
kfree would not trigger call trace.
Fixes: c0c77d8fb787 ("xsk: add user memory registration support sockopt")
CC: Ye Dong <dong...@intel.com>
Acked-by: Björn Töpel <bjorn.to...@intel.com>
Signed-off-by: Zhu Yanjun <yanjun....@intel.com>
---
net/xdp/xdp_umem.c | 17 +++++------------
1 file changed, 5 insertions(+), 12 deletions(-)
diff --git a/net/xdp/xdp_umem.c b/net/xdp/xdp_umem.c
index 56a28a686988..01b31c56cead 100644
--- a/net/xdp/xdp_umem.c
+++ b/net/xdp/xdp_umem.c
@@ -97,7 +97,6 @@ static int xdp_umem_pin_pages(struct xdp_umem *umem, unsigned
long address)
{
unsigned int gup_flags = FOLL_WRITE;
long npgs;
- int err;
umem->pgs = kcalloc(umem->npgs, sizeof(*umem->pgs),
GFP_KERNEL | __GFP_NOWARN);
@@ -112,20 +111,14 @@ static int xdp_umem_pin_pages(struct xdp_umem *umem,
unsigned long address)
if (npgs != umem->npgs) {
if (npgs >= 0) {
umem->npgs = npgs;
- err = -ENOMEM;
- goto out_pin;
+ xdp_umem_unpin_pages(umem);
+ return -ENOMEM;
}
- err = npgs;
- goto out_pgs;
+ kfree(umem->pgs);
+ umem->pgs = NULL;
+ return (int)npgs;
}
return 0;
-
-out_pin:
- xdp_umem_unpin_pages(umem);
-out_pgs:
- kfree(umem->pgs);
- umem->pgs = NULL;
- return err;
}
static int xdp_umem_account_pages(struct xdp_umem *umem)
--
2.18.4
