2019-05-24 00:52:30

by Gen Zhang

Subject: [PATCH] tegra_wm9712: Fix a memory leaking bug in tegra_wm9712_driver_probe()

In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by
platform_device_alloc(). When it is NULL, function returns ENOMEM.
However, 'machine' is allocated by devm_kzalloc() before this site.
Thus we should free 'machine' before function ends to prevent memory
leaking.

Further, we should free 'machine->util_data', 'machine->codec' and
'machine' before this function normally ends to prevent memory leaking.

Signed-off-by: Gen Zhang <[email protected]>
---
diff --git a/sound/soc/tegra/tegra_wm9712.c b/sound/soc/tegra/tegra_wm9712.c
index 864a334..295c41d 100644
--- a/sound/soc/tegra/tegra_wm9712.c
+++ b/sound/soc/tegra/tegra_wm9712.c
@@ -86,7 +86,8 @@ static int tegra_wm9712_driver_probe(struct platform_device *pdev)
machine->codec = platform_device_alloc("wm9712-codec", -1);
if (!machine->codec) {
dev_err(&pdev->dev, "Can't allocate wm9712 platform device\n");
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto codec_free;
}

ret = platform_device_add(machine->codec);
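Review bot: the new `goto codec_free` in the `!machine->codec` branch is not needed. The commit message itself says 'machine' comes from devm_kzalloc(), and device-managed memory is released by the driver core when probe returns an error, so the original `return -ENOMEM;` does not leak. Keep the plain return and drop the new jump.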
@@ -127,6 +128,10 @@ static int tegra_wm9712_driver_probe(struct platform_device *pdev)
goto asoc_utils_fini;
}

+ tegra_asoc_utils_fini(&machine->util_data);
+ platform_device_del(machine->codec);
+ platform_device_put(machine->codec);
+ devm_kfree(&pdev->dev, machine);
return 0;

asoc_utils_fini:
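Review bot: the four calls added directly before `return 0;` run on the success path, so probe reports success after it has finalised util_data, deleted and put machine->codec, and freed machine. Any later access to machine or machine->codec by the bound driver would be a use-after-free. Remove these four lines; teardown belongs on the error labels only.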
@@ -135,6 +140,8 @@ static int tegra_wm9712_driver_probe(struct platform_device *pdev)
platform_device_del(machine->codec);
codec_put:
platform_device_put(machine->codec);
+codec_free:
+ devm_kfree(&pdev->dev, machine);
return ret;
}
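Review bot: `codec_free:` sits below `codec_put:`, so every existing error path that falls through `codec_put` now also runs `devm_kfree(&pdev->dev, machine)`, not only the new `goto`. The explicit free is redundant for a devm allocation, and the label name says codec while the statement frees machine. Drop the label and the devm_kfree() call.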

---


2019-05-24 08:35:16

by Jon Hunter

Subject: Re: [PATCH] tegra_wm9712: Fix a memory leaking bug in tegra_wm9712_driver_probe()


On 24/05/2019 01:50, Gen Zhang wrote:
> In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by
> platform_device_alloc(). When it is NULL, function returns ENOMEM.
> However, 'machine' is allocated by devm_kzalloc() before this site.
> Thus we should free 'machine' before function ends to prevent memory
> leaking.

Memory allocated by devm_xxx() is automatically freed on failure so this
is not correct.

> Further, we should free 'machine->util_data', 'machine->codec' and
> 'machine' before this function normally ends to prevent memory leaking.

This is also incorrect. Why would we free all resources after
successfully initialising the driver?

> Signed-off-by: Gen Zhang <[email protected]>
> ---
> diff --git a/sound/soc/tegra/tegra_wm9712.c b/sound/soc/tegra/tegra_wm9712.c
> index 864a334..295c41d 100644
> --- a/sound/soc/tegra/tegra_wm9712.c
> +++ b/sound/soc/tegra/tegra_wm9712.c
> @@ -86,7 +86,8 @@ static int tegra_wm9712_driver_probe(struct platform_device *pdev)
> machine->codec = platform_device_alloc("wm9712-codec", -1);
> if (!machine->codec) {
> dev_err(&pdev->dev, "Can't allocate wm9712 platform device\n");
> - return -ENOMEM;
> + ret = -ENOMEM;
> + goto codec_free;
> }
>
> ret = platform_device_add(machine->codec);
> @@ -127,6 +128,10 @@ static int tegra_wm9712_driver_probe(struct platform_device *pdev)
> goto asoc_utils_fini;
> }
>
> + tegra_asoc_utils_fini(&machine->util_data);
> + platform_device_del(machine->codec);
> + platform_device_put(machine->codec);
> + devm_kfree(&pdev->dev, machine);
> return 0;

As stated above, this is incorrect.

Did you actually test this? I think you would find this would break the
driver.

Jon

--
nvpublic

2019-05-24 14:35:49

by Gen Zhang

Subject: Re: [PATCH] tegra_wm9712: Fix a memory leaking bug in tegra_wm9712_driver_probe()

On Fri, May 24, 2019 at 09:33:13AM +0100, Jon Hunter wrote:
>
> On 24/05/2019 01:50, Gen Zhang wrote:
> > In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by
> > platform_device_alloc(). When it is NULL, function returns ENOMEM.
> > However, 'machine' is allocated by devm_kzalloc() before this site.
> > Thus we should free 'machine' before function ends to prevent memory
> > leaking.
>
> Memory allocated by devm_xxx() is automatically freed on failure so this
> is not correct.
Thanks for your comments, Jon. But after I examined the code, I am still
confused about the usage of devm_kmalloc(). You can kindly refer to
hisi_sas_debugfs_init() in drivers/scsi/hisi_sas/hisi_sas_main.c. And
devm_kfree() is used to free a memory allocated by devm_kmalloc(). And
I found other situations similar to this in other files.

So, I hope you can give me some guidance on this. Thanks!
>
> > Further, we should free 'machine->util_data', 'machine->codec' and
> > 'machine' before this function normally ends to prevent memory leaking.
>
> This is also incorrect. Why would we free all resources after
> successfully initialising the driver?
I re-checked this part, and it is totally incorrect. It should be deleted.

Thanks
Gen

2019-05-24 14:51:08

by Jon Hunter

Subject: Re: [PATCH] tegra_wm9712: Fix a memory leaking bug in tegra_wm9712_driver_probe()


On 24/05/2019 15:33, Gen Zhang wrote:
> On Fri, May 24, 2019 at 09:33:13AM +0100, Jon Hunter wrote:
>>
>> On 24/05/2019 01:50, Gen Zhang wrote:
>>> In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by
>>> platform_device_alloc(). When it is NULL, function returns ENOMEM.
>>> However, 'machine' is allocated by devm_kzalloc() before this site.
>>> Thus we should free 'machine' before function ends to prevent memory
>>> leaking.
>>
>> Memory allocated by devm_xxx() is automatically freed on failure so this
>> is not correct.
> Thanks for your comments, Jon. But after I examined the code, I am still
> confused about the usage of devm_kmalloc(). You can kindly refer to
> hisi_sas_debugfs_init() in drivers/scsi/hisi_sas/hisi_sas_main.c. And
> devm_kfree() is used to free a memory allocated by devm_kmalloc(). And
> I found other situations similar to this in other files.
>
> So, I hope you can give me some guidance on this. Thanks!

Please refer to the devres documentation [0].

Cheers,
Jon

[0] https://www.kernel.org/doc/Documentation/driver-model/devres.txt

--
nvpublic

2019-05-24 15:03:19

by Gen Zhang

Subject: Re: [PATCH] tegra_wm9712: Fix a memory leaking bug in tegra_wm9712_driver_probe()

On Fri, May 24, 2019 at 03:47:34PM +0100, Jon Hunter wrote:
>
> On 24/05/2019 15:33, Gen Zhang wrote:
> > On Fri, May 24, 2019 at 09:33:13AM +0100, Jon Hunter wrote:
> >>
> >> On 24/05/2019 01:50, Gen Zhang wrote:
> >>> In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by
> >>> platform_device_alloc(). When it is NULL, function returns ENOMEM.
> >>> However, 'machine' is allocated by devm_kzalloc() before this site.
> >>> Thus we should free 'machine' before function ends to prevent memory
> >>> leaking.
> >>
> >> Memory allocated by devm_xxx() is automatically freed on failure so this
> >> is not correct.
> > Thanks for your comments, Jon. But after I examined the code, I am still
> > confused about the usage of devm_kmalloc(). You can kindly refer to
> > hisi_sas_debugfs_init() in drivers/scsi/hisi_sas/hisi_sas_main.c. And
> > devm_kfree() is used to free a memory allocated by devm_kmalloc(). And
> > I found other situations similar to this in other files.
> >
> > So, I hope you can give me some guidance on this. Thanks!
>
> Please refer to the devres documentation [0].
>
> Cheers,
> Jon
>
> [0] https://www.kernel.org/doc/Documentation/driver-model/devres.txt
>
> --
> nvpublic
Thanks for your reply. I figured out that devm_kmalloc will free the
memory no matter fail or not. But I still want to ask why other codes
as I above mentioned use devm_kfree() to free memory allocated by
devm_kmalloc(). If the memory is automatically freed, is this
devm_kfree() redundant codes that should be removed? Am I
misunderstanding this again or it is something else?

Thanks
Gen

2019-05-24 15:38:31

by Jon Hunter

Subject: Re: [PATCH] tegra_wm9712: Fix a memory leaking bug in tegra_wm9712_driver_probe()


On 24/05/2019 16:00, Gen Zhang wrote:
> On Fri, May 24, 2019 at 03:47:34PM +0100, Jon Hunter wrote:
>>
>> On 24/05/2019 15:33, Gen Zhang wrote:
>>> On Fri, May 24, 2019 at 09:33:13AM +0100, Jon Hunter wrote:
>>>>
>>>> On 24/05/2019 01:50, Gen Zhang wrote:
>>>>> In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by
>>>>> platform_device_alloc(). When it is NULL, function returns ENOMEM.
>>>>> However, 'machine' is allocated by devm_kzalloc() before this site.
>>>>> Thus we should free 'machine' before function ends to prevent memory
>>>>> leaking.
>>>>
>>>> Memory allocated by devm_xxx() is automatically freed on failure so this
>>>> is not correct.
>>> Thanks for your comments, Jon. But after I examined the code, I am still
>>> confused about the usage of devm_kmalloc(). You can kindly refer to
>>> hisi_sas_debugfs_init() in drivers/scsi/hisi_sas/hisi_sas_main.c. And
>>> devm_kfree() is used to free a memory allocated by devm_kmalloc(). And
>>> I found other situations similar to this in other files.
>>>
>>> So, I hope you can give me some guidance on this. Thanks!
>>
>> Please refer to the devres documentation [0].
>>
>> Cheers,
>> Jon
>>
>> [0] https://www.kernel.org/doc/Documentation/driver-model/devres.txt
>>
>> --
>> nvpublic
> Thanks for your reply. I figured out that devm_kmalloc will free the
> memory no matter fail or not. But I still want to ask why other codes
> as I above mentioned use devm_kfree() to free memory allocated by
> devm_kmalloc(). If the memory is automatically freed, is this
> devm_kfree() redundant codes that should be removed? Am I
> misunderstanding this again or it is something else?

There could well be cases where you need to explicitly call
devm_kfree(), but having a quick glance at the example above, I don't
see why you would call devm_kfree() here and yes looks like that code
could be simplified significantly. Notice that hisi_sas_debugfs_exit()
does not free any memory as it is not necessary to explicitly do so.

Cheers
Jon

--
nvpublic
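
The devres behaviour discussed in this thread, as a userspace C model added here for illustration (not kernel code and not part of the original messages); all `model_*` names are hypothetical stand-ins. It shows that a plain error return from probe leaks nothing, and that an explicit early free unlinks the record so the automatic release cannot free it twice.

```c
#include <errno.h>
#include <stdlib.h>

/* Userspace model of devres; all names are hypothetical, not kernel API. */
struct res { struct res *next; void *mem; };
struct model_dev { struct res *head; int live; };

/* Like devm_kzalloc(): zeroed memory, recorded on the device's list. */
static void *model_devm_kzalloc(struct model_dev *d, size_t n) {
    struct res *r = malloc(sizeof(*r));
    if (!r) return NULL;
    r->mem = calloc(1, n);
    if (!r->mem) { free(r); return NULL; }
    r->next = d->head; d->head = r; d->live++;
    return r->mem;
}

/* Like devm_kfree(): early release that also unlinks the record, so the
 * automatic release below cannot free it again. Returns 0 if p was tracked. */
static int model_devm_kfree(struct model_dev *d, void *p) {
    for (struct res **pp = &d->head; *pp; pp = &(*pp)->next) {
        if ((*pp)->mem != p) continue;
        struct res *r = *pp;
        *pp = r->next; free(r->mem); free(r); d->live--;
        return 0;
    }
    return -1;
}

/* What the driver core does after a failed probe or on unbind. */
static int model_release_all(struct model_dev *d) {
    int n = 0;
    while (d->head) { model_devm_kfree(d, d->head->mem); n++; }
    return n;
}

/* Probe shaped like the one in the patch; fail_codec stands in for
 * platform_device_alloc() returning NULL. Note the plain return. */
static int model_probe(struct model_dev *d, int fail_codec) {
    void *machine = model_devm_kzalloc(d, 64);
    if (!machine || fail_codec) return -ENOMEM;
    return 0;
}

/* Bind wrapper: on probe failure the core releases managed resources. */
static int model_bind(struct model_dev *d, int fail_codec) {
    int ret = model_probe(d, fail_codec);
    if (ret) model_release_all(d);
    return ret;
}
```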

2019-05-24 15:45:26

by Gen Zhang

Subject: Re: [PATCH] tegra_wm9712: Fix a memory leaking bug in tegra_wm9712_driver_probe()

On Fri, May 24, 2019 at 04:36:54PM +0100, Jon Hunter wrote:
> There could well be cases where you need to explicitly call
> devm_kfree(), but having a quick glance at the example above, I don't
> see why you would call devm_kfree() here and yes looks like that code
> could be simplified significantly. Notice that hisi_sas_debugfs_exit()
> does not free any memory as it is not necessary to explicitly do so.
>
> Cheers
> Jon
>
> --
> nvpublic
Thanks for your suggestions, Jon! I think I need to e-mail to those
maintainers about this issue.

Thanks
Gen