In brcmstb_dpfe_download_firmware(), memory is allocated to variable fw by
firmware_request_nowarn(), but never released. Fix up to release fw on
all return paths.
Signed-off-by: Alex Dewar <[email protected]>
---
drivers/memory/brcmstb_dpfe.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/drivers/memory/brcmstb_dpfe.c b/drivers/memory/brcmstb_dpfe.c
index 60e8633b1175..f24a9dc65f3c 100644
--- a/drivers/memory/brcmstb_dpfe.c
+++ b/drivers/memory/brcmstb_dpfe.c
@@ -616,7 +616,7 @@ static int brcmstb_dpfe_download_firmware(struct brcmstb_dpfe_priv *priv)
const u32 *dmem, *imem;
struct init_data init;
const void *fw_blob;
- int ret;
+ int ret = 0;
/*
* Skip downloading the firmware if the DCPU is already running and
@@ -647,8 +647,10 @@ static int brcmstb_dpfe_download_firmware(struct brcmstb_dpfe_priv *priv)
return (ret == -ENOENT) ? -EPROBE_DEFER : ret;
ret = __verify_firmware(&init, fw);
- if (ret)
- return -EFAULT;
+ if (ret) {
+ ret = -EFAULT;
+ goto release_fw;
+ }
__disable_dcpu(priv);
@@ -667,18 +669,20 @@ static int brcmstb_dpfe_download_firmware(struct brcmstb_dpfe_priv *priv)
ret = __write_firmware(priv->dmem, dmem, dmem_size, is_big_endian);
if (ret)
- return ret;
+ goto release_fw;
ret = __write_firmware(priv->imem, imem, imem_size, is_big_endian);
if (ret)
- return ret;
+ goto release_fw;
ret = __verify_fw_checksum(&init, priv, header, init.chksum);
if (ret)
- return ret;
+ goto release_fw;
__enable_dcpu(priv);
- return 0;
+release_fw:
+ release_firmware(fw);
+ return ret;
}
static ssize_t generic_show(unsigned int command, u32 response[],
--
2.28.0
On Tue, Aug 18, 2020 at 12:02:01PM +0100, Alex Dewar wrote:
> In brcmstb_dpfe_download_firmware(), memory is allocated to variable fw by
> firmware_request_nowarn(), but never released. Fix up to release fw on
> all return paths.
>
> Signed-off-by: Alex Dewar <[email protected]>
> ---
> drivers/memory/brcmstb_dpfe.c | 18 +++++++++++-------
> 1 file changed, 11 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/memory/brcmstb_dpfe.c b/drivers/memory/brcmstb_dpfe.c
> index 60e8633b1175..f24a9dc65f3c 100644
> --- a/drivers/memory/brcmstb_dpfe.c
> +++ b/drivers/memory/brcmstb_dpfe.c
> @@ -616,7 +616,7 @@ static int brcmstb_dpfe_download_firmware(struct brcmstb_dpfe_priv *priv)
> const u32 *dmem, *imem;
> struct init_data init;
> const void *fw_blob;
> - int ret;
> + int ret = 0;
This does not look needed. Why initializing it? You cannot jump to
release_fw label or reach it without going through assignment.
Best regards,
Krzysztof
>
> /*
> * Skip downloading the firmware if the DCPU is already running and
> @@ -647,8 +647,10 @@ static int brcmstb_dpfe_download_firmware(struct brcmstb_dpfe_priv *priv)
> return (ret == -ENOENT) ? -EPROBE_DEFER : ret;
>
> ret = __verify_firmware(&init, fw);
> - if (ret)
> - return -EFAULT;
> + if (ret) {
> + ret = -EFAULT;
> + goto release_fw;
> + }
>
> __disable_dcpu(priv);
>
> @@ -667,18 +669,20 @@ static int brcmstb_dpfe_download_firmware(struct brcmstb_dpfe_priv *priv)
>
> ret = __write_firmware(priv->dmem, dmem, dmem_size, is_big_endian);
> if (ret)
> - return ret;
> + goto release_fw;
> ret = __write_firmware(priv->imem, imem, imem_size, is_big_endian);
> if (ret)
> - return ret;
> + goto release_fw;
>
> ret = __verify_fw_checksum(&init, priv, header, init.chksum);
> if (ret)
> - return ret;
> + goto release_fw;
>
> __enable_dcpu(priv);
>
> - return 0;
> +release_fw:
> + release_firmware(fw);
> + return ret;
> }
>
> static ssize_t generic_show(unsigned int command, u32 response[],
> --
> 2.28.0
>
On Thu, Aug 20, 2020 at 05:29:44PM +0200, Krzysztof Kozlowski wrote:
> On Tue, Aug 18, 2020 at 12:02:01PM +0100, Alex Dewar wrote:
> > In brcmstb_dpfe_download_firmware(), memory is allocated to variable fw by
> > firmware_request_nowarn(), but never released. Fix up to release fw on
> > all return paths.
> >
> > Signed-off-by: Alex Dewar <[email protected]>
> > ---
> > drivers/memory/brcmstb_dpfe.c | 18 +++++++++++-------
> > 1 file changed, 11 insertions(+), 7 deletions(-)
> >
> > diff --git a/drivers/memory/brcmstb_dpfe.c b/drivers/memory/brcmstb_dpfe.c
> > index 60e8633b1175..f24a9dc65f3c 100644
> > --- a/drivers/memory/brcmstb_dpfe.c
> > +++ b/drivers/memory/brcmstb_dpfe.c
> > @@ -616,7 +616,7 @@ static int brcmstb_dpfe_download_firmware(struct brcmstb_dpfe_priv *priv)
> > const u32 *dmem, *imem;
> > struct init_data init;
> > const void *fw_blob;
> > - int ret;
> > + int ret = 0;
>
> This does not look needed. Why initializing it? You cannot jump to
> release_fw label or reach it without going through assignment.
>
> Best regards,
> Krzysztof
Good spot! I'll send a v2.
>
> >
> > /*
> > * Skip downloading the firmware if the DCPU is already running and
> > @@ -647,8 +647,10 @@ static int brcmstb_dpfe_download_firmware(struct brcmstb_dpfe_priv *priv)
> > return (ret == -ENOENT) ? -EPROBE_DEFER : ret;
> >
> > ret = __verify_firmware(&init, fw);
> > - if (ret)
> > - return -EFAULT;
> > + if (ret) {
> > + ret = -EFAULT;
> > + goto release_fw;
> > + }
> >
> > __disable_dcpu(priv);
> >
> > @@ -667,18 +669,20 @@ static int brcmstb_dpfe_download_firmware(struct brcmstb_dpfe_priv *priv)
> >
> > ret = __write_firmware(priv->dmem, dmem, dmem_size, is_big_endian);
> > if (ret)
> > - return ret;
> > + goto release_fw;
> > ret = __write_firmware(priv->imem, imem, imem_size, is_big_endian);
> > if (ret)
> > - return ret;
> > + goto release_fw;
> >
> > ret = __verify_fw_checksum(&init, priv, header, init.chksum);
> > if (ret)
> > - return ret;
> > + goto release_fw;
> >
> > __enable_dcpu(priv);
> >
> > - return 0;
> > +release_fw:
> > + release_firmware(fw);
> > + return ret;
> > }
> >
> > static ssize_t generic_show(unsigned int command, u32 response[],
> > --
> > 2.28.0
> >