2022-07-18 12:25:57

by Gaosheng Cui

[permalink] [raw]
Subject: [PATCH -next,v4] nvmem: core: Fix memleak in nvmem_register()

dev_set_name will alloc memory for nvmem->dev.kobj.name in
nvmem_register, when nvmem_validate_keepouts failed, nvmem's
memory will be freed and return, but nobody will free memory
for nvmem->dev.kobj.name, there will be memleak, so moving
nvmem_validate_keepouts() after device_register() and let
the device core deal with cleaning name in error cases.

Fixes: de0534df9347 ("nvmem: core: fix error handling while validating keepout regions")
Signed-off-by: Gaosheng Cui <[email protected]>
---
drivers/nvmem/core.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index 1e3c754efd0d..6067d3bbff5d 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -829,21 +829,19 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
nvmem->dev.groups = nvmem_dev_groups;
#endif

- if (nvmem->nkeepout) {
- rval = nvmem_validate_keepouts(nvmem);
- if (rval) {
- ida_free(&nvmem_ida, nvmem->id);
- kfree(nvmem);
- return ERR_PTR(rval);
- }
- }
-
dev_dbg(&nvmem->dev, "Registering nvmem device %s\n", config->name);

rval = device_register(&nvmem->dev);
if (rval)
goto err_put_device;

+ if (nvmem->nkeepout) {
+ rval = nvmem_validate_keepouts(nvmem);
+ if (rval) {
+ goto err_device_del;
+ }
+ }
+
if (config->compat) {
rval = nvmem_sysfs_setup_compat(nvmem, config);
if (rval)
--
2.25.1


2022-07-18 12:35:45

by Srinivas Kandagatla

[permalink] [raw]
Subject: Re: [PATCH -next,v4] nvmem: core: Fix memleak in nvmem_register()



On 18/07/2022 13:21, Gaosheng Cui wrote:
> dev_set_name will alloc memory for nvmem->dev.kobj.name in
> nvmem_register, when nvmem_validate_keepouts failed, nvmem's
> memory will be freed and return, but nobody will free memory
> for nvmem->dev.kobj.name, there will be memleak, so moving
> nvmem_validate_keepouts() after device_register() and let
> the device core deal with cleaning name in error cases.
>
> Fixes: de0534df9347 ("nvmem: core: fix error handling while validating keepout regions")
> Signed-off-by: Gaosheng Cui <[email protected]>
> ---

What changed since v3?

> drivers/nvmem/core.c | 16 +++++++---------
> 1 file changed, 7 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
> index 1e3c754efd0d..6067d3bbff5d 100644
> --- a/drivers/nvmem/core.c
> +++ b/drivers/nvmem/core.c
> @@ -829,21 +829,19 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
> nvmem->dev.groups = nvmem_dev_groups;
> #endif
>
> - if (nvmem->nkeepout) {
> - rval = nvmem_validate_keepouts(nvmem);
> - if (rval) {
> - ida_free(&nvmem_ida, nvmem->id);
> - kfree(nvmem);
> - return ERR_PTR(rval);
> - }
> - }
> -
> dev_dbg(&nvmem->dev, "Registering nvmem device %s\n", config->name);
>
> rval = device_register(&nvmem->dev);
> if (rval)
> goto err_put_device;
>
> + if (nvmem->nkeepout) {
> + rval = nvmem_validate_keepouts(nvmem);
> + if (rval) {

Unnecessary braces here.

--srini
> + goto err_device_del;
> + }
> + }
> +
> if (config->compat) {
> rval = nvmem_sysfs_setup_compat(nvmem, config);
> if (rval)

2022-07-18 13:10:54

by Gaosheng Cui

[permalink] [raw]
Subject: Re: [PATCH -next,v4] nvmem: core: Fix memleak in nvmem_register()

>
> What changed since v3?
I adjusted the commit message because the implementation of the code has
changed.

>
> Unnecessary braces here.
Already fixed.

Thanks,

在 2022/7/18 20:24, Srinivas Kandagatla 写道:
>
>
> On 18/07/2022 13:21, Gaosheng Cui wrote:
>> dev_set_name will alloc memory for nvmem->dev.kobj.name in
>> nvmem_register, when nvmem_validate_keepouts failed, nvmem's
>> memory will be freed and return, but nobody will free memory
>> for nvmem->dev.kobj.name, there will be memleak, so moving
>> nvmem_validate_keepouts() after device_register() and let
>> the device core deal with cleaning name in error cases.
>>
>> Fixes: de0534df9347 ("nvmem: core: fix error handling while
>> validating keepout regions")
>> Signed-off-by: Gaosheng Cui <[email protected]>
>> ---
>
> What changed since v3?
>
>>   drivers/nvmem/core.c | 16 +++++++---------
>>   1 file changed, 7 insertions(+), 9 deletions(-)
>>
>> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
>> index 1e3c754efd0d..6067d3bbff5d 100644
>> --- a/drivers/nvmem/core.c
>> +++ b/drivers/nvmem/core.c
>> @@ -829,21 +829,19 @@ struct nvmem_device *nvmem_register(const
>> struct nvmem_config *config)
>>       nvmem->dev.groups = nvmem_dev_groups;
>>   #endif
>>   -    if (nvmem->nkeepout) {
>> -        rval = nvmem_validate_keepouts(nvmem);
>> -        if (rval) {
>> -            ida_free(&nvmem_ida, nvmem->id);
>> -            kfree(nvmem);
>> -            return ERR_PTR(rval);
>> -        }
>> -    }
>> -
>>       dev_dbg(&nvmem->dev, "Registering nvmem device %s\n",
>> config->name);
>>         rval = device_register(&nvmem->dev);
>>       if (rval)
>>           goto err_put_device;
>>   +    if (nvmem->nkeepout) {
>> +        rval = nvmem_validate_keepouts(nvmem);
>> +        if (rval) {
>
> Unnecessary braces here.
>
> --srini
>> +            goto err_device_del;
>> +        }
>> +    }
>> +
>>       if (config->compat) {
>>           rval = nvmem_sysfs_setup_compat(nvmem, config);
>>           if (rval)
> .