RDMA/ucma: Fix resource leak on error path

In ucma_process_join(), if the call to xa_alloc() fails, the function will
return without freeing mc. Fix this by jumping to the correct line.

In the process I renamed the jump labels to something more memorable for
extra clarity.

Link: https://lore.kernel.org/r/20200902162454.332828-1-alex.dewar90@gmail.com
Addresses-Coverity-ID: 1496814 ("Resource leak")
Fixes: 95fe51096b7a ("RDMA/ucma: Remove mc_list and rely on xarray")
Signed-off-by: Alex Dewar <alex.dewar90@gmail.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
index f2c9ef6..a5595bd 100644 (file)
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -1453,7 +1453,7 @@ static ssize_t ucma_process_join(struct ucma_file *file,
        mc = kzalloc(sizeof(*mc), GFP_KERNEL);
        if (!mc) {
                ret = -ENOMEM;
-               goto err1;
+               goto err_put_ctx;
        }
 
        mc->ctx = ctx;
@@ -1464,7 +1464,7 @@ static ssize_t ucma_process_join(struct ucma_file *file,
        if (xa_alloc(&multicast_table, &mc->id, NULL, xa_limit_32b,
                     GFP_KERNEL)) {
                ret = -ENOMEM;
-               goto err1;
+               goto err_free_mc;
        }
 
        mutex_lock(&ctx->mutex);
@@ -1472,13 +1472,13 @@ static ssize_t ucma_process_join(struct ucma_file *file,
                                  join_state, mc);
        mutex_unlock(&ctx->mutex);
        if (ret)
-               goto err2;
+               goto err_xa_erase;
 
        resp.id = mc->id;
        if (copy_to_user(u64_to_user_ptr(cmd->response),
                         &resp, sizeof(resp))) {
                ret = -EFAULT;
-               goto err3;
+               goto err_leave_multicast;
        }
 
        xa_store(&multicast_table, mc->id, mc, 0);
@@ -1486,15 +1486,16 @@ static ssize_t ucma_process_join(struct ucma_file *file,
        ucma_put_ctx(ctx);
        return 0;
 
-err3:
+err_leave_multicast:
        mutex_lock(&ctx->mutex);
        rdma_leave_multicast(ctx->cm_id, (struct sockaddr *) &mc->addr);
        mutex_unlock(&ctx->mutex);
        ucma_cleanup_mc_events(mc);
-err2:
+err_xa_erase:
        xa_erase(&multicast_table, mc->id);
+err_free_mc:
        kfree(mc);
-err1:
+err_put_ctx:
        ucma_put_ctx(ctx);
        return ret;
 }