LinuxLists.cc - Re: [PATCH] amba: fix refcount underflow if amba_device

2022-05-24 07:31:05

Subject: Re: [PATCH] amba: fix refcount underflow if amba_device_add() fails

On Tue, May 24, 2022 at 10:51:39AM +0800, Kefeng Wang wrote:
> "ARM: 9192/1: amba: fix memory leak in amba_device_try_add()" leads
> to a refcount underflow if amba_device_add() fails, which called by
> of_amba_device_create(), the of_amba_device_create() already exists
> the error handling, so amba_put_device() only need to be added into
> amba_deferred_retry().
>
> Reported-by: Guenter Roeck <[email protected]>
> Signed-off-by: Kefeng Wang <[email protected]>

Tested-by: Guenter Roeck <[email protected]>

Thanks,
Guenter

> ---
> drivers/amba/bus.c | 8 ++------
> 1 file changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c
> index 0e3ed5eb367b..0cb20324da16 100644
> --- a/drivers/amba/bus.c
> +++ b/drivers/amba/bus.c
> @@ -493,13 +493,8 @@ static int amba_device_try_add(struct amba_device *dev, struct resource *parent)
> goto skip_probe;
>
> ret = amba_read_periphid(dev);
> - if (ret) {
> - if (ret != -EPROBE_DEFER) {
> - amba_device_put(dev);
> - goto err_out;
> - }
> + if (ret)
> goto err_release;
> - }
>
> skip_probe:
> ret = device_add(&dev->dev);
> @@ -546,6 +541,7 @@ static int amba_deferred_retry(void)
> continue;
>
> list_del_init(&ddev->node);
> + amba_device_put(ddev->dev);
> kfree(ddev);
> }
>
> --
> 2.35.3
>

2022-05-24 08:52:49

by Kefeng Wang

[permalink] [raw]

Subject: Re: [PATCH] amba: fix refcount underflow if amba_device_add() fails

On 2022/5/24 11:09, Guenter Roeck wrote:
> On Tue, May 24, 2022 at 10:51:39AM +0800, Kefeng Wang wrote:
>> "ARM: 9192/1: amba: fix memory leak in amba_device_try_add()" leads
>> to a refcount underflow if amba_device_add() fails, which called by
>> of_amba_device_create(), the of_amba_device_create() already exists
>> the error handling, so amba_put_device() only need to be added into
>> amba_deferred_retry().
>>
>> Reported-by: Guenter Roeck <[email protected]>
>> Signed-off-by: Kefeng Wang <[email protected]>
> Tested-by: Guenter Roeck <[email protected]>

Thanks.

PS: I also test with kmemleak, this could also fix previous memory leak
issue.

>
> Thanks,
> Guenter
>
>> ---
>> drivers/amba/bus.c | 8 ++------
>> 1 file changed, 2 insertions(+), 6 deletions(-)
>>
>> diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c
>> index 0e3ed5eb367b..0cb20324da16 100644
>> --- a/drivers/amba/bus.c
>> +++ b/drivers/amba/bus.c
>> @@ -493,13 +493,8 @@ static int amba_device_try_add(struct amba_device *dev, struct resource *parent)
>> goto skip_probe;
>>
>> ret = amba_read_periphid(dev);
>> - if (ret) {
>> - if (ret != -EPROBE_DEFER) {
>> - amba_device_put(dev);
>> - goto err_out;
>> - }
>> + if (ret)
>> goto err_release;
>> - }
>>
>> skip_probe:
>> ret = device_add(&dev->dev);
>> @@ -546,6 +541,7 @@ static int amba_deferred_retry(void)
>> continue;
>>
>> list_del_init(&ddev->node);
>> + amba_device_put(ddev->dev);
>> kfree(ddev);
>> }
>>
>> --
>> 2.35.3
>>
> .