2024-06-10 22:40:39

by Javier Carrasco

[permalink] [raw]
Subject: [PATCH] leds: mt6360: fix memory leak in mt6360_init_isnk_properties()

The fwnode_for_each_child_node() loop requires manual intervention to
decrement the child refcount in case of an early return.

Add the missing calls to fwnode_handle_put(child) to avoid memory leaks
in the error paths.

Cc: [email protected]
Fixes: 679f8652064b ("leds: Add mt6360 driver")
Signed-off-by: Javier Carrasco <[email protected]>
---
This bug was found while analyzing the code and I have no real hardware
to validate the fix beyond compilation and static analysis. But given
that the child node is only used to retrieve some properties within the
fwnode_for_each_child_node(), and it is not used outside the loop, the
fix is straightforward.

Nevertheless, any tests to catch regressions with real hardware are
always welcome.

The bug has been around since the driver was added.
---
drivers/leds/flash/leds-mt6360.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/leds/flash/leds-mt6360.c b/drivers/leds/flash/leds-mt6360.c
index 1b75b4d36834..4c74f1cf01f0 100644
--- a/drivers/leds/flash/leds-mt6360.c
+++ b/drivers/leds/flash/leds-mt6360.c
@@ -643,14 +643,17 @@ static int mt6360_init_isnk_properties(struct mt6360_led *led,

ret = fwnode_property_read_u32(child, "reg", &reg);
if (ret || reg > MT6360_LED_ISNK3 ||
- priv->leds_active & BIT(reg))
+ priv->leds_active & BIT(reg)) {
+ fwnode_handle_put(child);
return -EINVAL;
+ }

ret = fwnode_property_read_u32(child, "color", &color);
if (ret) {
dev_err(priv->dev,
"led %d, no color specified\n",
led->led_no);
+ fwnode_handle_put(child);
return ret;
}


---
base-commit: d35b2284e966c0bef3e2182a5c5ea02177dd32e4
change-id: 20240610-leds-mt6360-memleak-78faf3e435b0

Best regards,
--
Javier Carrasco <[email protected]>



2024-06-11 14:08:48

by Markus Elfring

[permalink] [raw]
Subject: Re: [PATCH] leds: mt6360: fix memory leak in mt6360_init_isnk_properties()


> Add the missing calls to fwnode_handle_put(child) to avoid memory leaks
> in the error paths.

I suggest to apply a goto chain for a while.
https://wiki.sei.cmu.edu/confluence/display/c/MEM12-C.+Consider+using+a+goto+chain+when+leaving+a+function+on+error+when+using+and+releasing+resources

Will the application of scope-based resource management become feasible with another delay?
https://elixir.bootlin.com/linux/v6.10-rc3/source/include/linux/cleanup.h#L8

Regards,
Markus

2024-06-11 14:32:34

by Javier Carrasco

[permalink] [raw]
Subject: Re: [PATCH] leds: mt6360: fix memory leak in mt6360_init_isnk_properties()

On 11/06/2024 16:01, Markus Elfring wrote:
> …
>> Add the missing calls to fwnode_handle_put(child) to avoid memory leaks
>> in the error paths.
>
> I suggest to apply a goto chain for a while.
> https://wiki.sei.cmu.edu/confluence/display/c/MEM12-C.+Consider+using+a+goto+chain+when+leaving+a+function+on+error+when+using+and+releasing+resources
>
> Will the application of scope-based resource management become feasible with another delay?
> https://elixir.bootlin.com/linux/v6.10-rc3/source/include/linux/cleanup.h#L8
>
> Regards,
> Markus

I considered that option too, but there is still no _scoped() variant of
the loop. The scoped version of the _available_ variant is being
discussed, though. Maybe that one could be used here if there is no need
to iterate over unavailable nodes.

We could not back port that solution anyway, so I would suggest this
solution (or the one with a goto), and then a separate patch to used a
scoped macro if preferred.

Best regards,
Javier Carrasco



2024-06-12 07:58:29

by Greg Kroah-Hartman

[permalink] [raw]
Subject: Re: [PATCH] leds: mt6360: fix memory leak in mt6360_init_isnk_properties()

On Tue, Jun 11, 2024 at 04:01:49PM +0200, Markus Elfring wrote:
> …
> > Add the missing calls to fwnode_handle_put(child) to avoid memory leaks
> > in the error paths.
>
> I suggest to apply a goto chain for a while.
> https://wiki.sei.cmu.edu/confluence/display/c/MEM12-C.+Consider+using+a+goto+chain+when+leaving+a+function+on+error+when+using+and+releasing+resources
>
> Will the application of scope-based resource management become feasible with another delay?
> https://elixir.bootlin.com/linux/v6.10-rc3/source/include/linux/cleanup.h#L8
>
> Regards,
> Markus
>


Hi,

This is the semi-friendly patch-bot of Greg Kroah-Hartman.

Markus, you seem to have sent a nonsensical or otherwise pointless
review comment to a patch submission on a Linux kernel developer mailing
list. I strongly suggest that you not do this anymore. Please do not
bother developers who are actively working to produce patches and
features with comments that, in the end, are a waste of time.

Patch submitter, please ignore Markus's suggestion; you do not need to
follow it at all. The person/bot/AI that sent it is being ignored by
almost all Linux kernel maintainers for having a persistent pattern of
behavior of producing distracting and pointless commentary, and
inability to adapt to feedback. Please feel free to also ignore emails
from them.

thanks,

greg k-h's patch email bot

2024-06-13 17:19:30

by Lee Jones

[permalink] [raw]
Subject: Re: (subset) [PATCH] leds: mt6360: fix memory leak in mt6360_init_isnk_properties()

On Tue, 11 Jun 2024 00:40:26 +0200, Javier Carrasco wrote:
> The fwnode_for_each_child_node() loop requires manual intervention to
> decrement the child refcount in case of an early return.
>
> Add the missing calls to fwnode_handle_put(child) to avoid memory leaks
> in the error paths.
>
>
> [...]

Applied, thanks!

[1/1] leds: mt6360: fix memory leak in mt6360_init_isnk_properties()
commit: 6e0b2281085191fbf34fb24ef272cb44a82de4f0

--
Lee Jones [李琼斯]