Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp5703481ybv; Tue, 18 Feb 2020 02:23:09 -0800 (PST) X-Google-Smtp-Source: APXvYqwLOd69nf8sR897YPX9xwuDqbnQdv7UFU9zKihXHz3lXM2gxBJWyOtrb/nZwepcr62AgLVk X-Received: by 2002:a05:6830:114c:: with SMTP id x12mr15403569otq.324.1582021389193; Tue, 18 Feb 2020 02:23:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582021389; cv=none; d=google.com; s=arc-20160816; b=qYRkml+H7eXjQ6AdB0fFq1EU9ZMi80FKaydQH/48BwtR3Rj8Bb1yNhP+uBgmffbC9I 2HERVxpxJf/LGz4CV96IZHshE0q4kA+WCYBmPUH/Dz00h0z9i1S2Du/lsX8BrM09eTaj kmXwQjswoqi4J4sNCZ8ztpsm2aNkKxTegBVt7vpUO3c17xygu6KMkGYYjRTDqR+KQxLp X6Eq9B+xEWo60657oe2hMolW8IxSXXKghMAjfTvEco8eb/KdOj8C3+tPqMiIcgzwhg6j 9nKEbR+umWAyNOT0nee+PCLPT/OSVCkkk3+iZ4quNkjQFOIiu2nUzIKkVS+yYGr5VWZK M1Ew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=jcijWLGUlZ8GgDNFPut3P5OmzC3gncuLiap7isWZjgk=; b=tBWiAMW+ECENmBiUv92tERvGQfnJbCKlXBMscrN95U+yNXLrFbmRXHMEQAlRcwTsbQ e6z79UZnz1/c6e++0bRralQBO0GHOZUmhlH0bk1YCtpdMbJPF1iJi3EDO7JSKwswjHd1 BN7BDYPzaJLVcX61mva3Pj5CwHfN1eOXEpnKM5/Qp5I6VjEHv/Mb5Se3Ah7lDWLj+WgD psqxfxj1CH5zTXJy4VTbhfFrNmbqNz/vOTQsi9g22Xs1eBT4MmrDUGnVTZFxRseAjNct 7tuozo6QrfJ0tDyMRycIFsmOv7jseTkLtGUJ9WrrZiVAP5jWjj1DGV6Kg6Qm6lzgH9lR gEAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@baylibre-com.20150623.gappssmtp.com header.s=20150623 header.b=j6+aJwtc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m19si7269786oig.91.2020.02.18.02.22.57; Tue, 18 Feb 2020 02:23:09 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@baylibre-com.20150623.gappssmtp.com header.s=20150623 header.b=j6+aJwtc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726445AbgBRKWW (ORCPT + 99 others); Tue, 18 Feb 2020 05:22:22 -0500 Received: from mail-qt1-f193.google.com ([209.85.160.193]:39979 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726193AbgBRKWV (ORCPT ); Tue, 18 Feb 2020 05:22:21 -0500 Received: by mail-qt1-f193.google.com with SMTP id v25so14094553qto.7 for ; Tue, 18 Feb 2020 02:22:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=baylibre-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=jcijWLGUlZ8GgDNFPut3P5OmzC3gncuLiap7isWZjgk=; b=j6+aJwtcULrl6SmiRgNh4CBUBQTOfkxgDzVYO0lJp/vlUKc+7ihhc1hO5Zw8h+HUOi IkRjxilM1shdIt/E4L3TQZcHmnAZ7PLOgAIq6cDwaRUtU1c6i0vw6t/6wZ7oMjGZA3S2 Y2yP8kFEjqlMqWEYr7uiM4v9GrmCJ034aYdZlczf1I0RzEiqcsje369Vgj3gtS18REjd DHLDhypnd3RWqdNshdMBRBtKnd/TGoexOPwKiuz8ejc0azD8ScG5cZXA31/GPOvY9hws 3WUTT2aWBbPe+JVahGMC1HzFdFnOHhltAAHt14Noch80XBrxQo1GRbjistaNxnIHA51w GHOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=jcijWLGUlZ8GgDNFPut3P5OmzC3gncuLiap7isWZjgk=; b=MYs9HJd23H9PSLk/iRUOcP2OUp3/k5RATV2ACJKjqLSuHDx4uisvRX19KjBYOiJNF2 J0BU7iF8ljuwmE0R3Ifdn3jnh7BdHTwTnzoWDWig/f/IpqtreuNeNEFjf28SMk0hxnA1 g+RyZBgiHWtEaLlRePgcWVeeFA6hBMYCbbyi/qkaZe/h/n1j5MZvI8wuB5jztIw2rPD2 wVMbnglmiCs4/Mum0Lempb5vHDXj2fRX4GPr4PdKLYoiVErlK0zag+C6PVehJ2Bfd593 ZYsDnVliIpsTo7MqyWY2A1642ooYtmhzj9skMgdI3lMYx1jx0JIa36ihdi8CPsmH19il Yl1Q== X-Gm-Message-State: APjAAAUYKzHKCB7evP9gIwf7CfGmVNPX+m7a28hye8t/e0bVoeFLOL8G noWtiB210i2cRqSZxUu9wUwFas/RW73TfJjX/3GcVA== X-Received: by 2002:ac8:7657:: with SMTP id i23mr16804779qtr.197.1582021340839; Tue, 18 Feb 2020 02:22:20 -0800 (PST) MIME-Version: 1.0 References: <20200218094234.23896-1-brgl@bgdev.pl> <20200218094234.23896-3-brgl@bgdev.pl> <6e7a5df7-6ded-7777-5552-879934c185ad@linaro.org> <5f4cf6ca-c5e2-9fd2-b4b8-f99a120e0d4b@linaro.org> In-Reply-To: <5f4cf6ca-c5e2-9fd2-b4b8-f99a120e0d4b@linaro.org> From: Bartosz Golaszewski Date: Tue, 18 Feb 2020 11:22:10 +0100 Message-ID: Subject: Re: [PATCH v2 2/7] nvmem: fix another memory leak in error path To: Srinivas Kandagatla Cc: Bartosz Golaszewski , Linus Walleij , Khouloud Touil , Geert Uytterhoeven , "open list:GPIO SUBSYSTEM" , Linux Kernel Mailing List , stable Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org wt., 18 lut 2020 o 11:11 Srinivas Kandagatla napisa=C5=82(a): > > > > On 18/02/2020 10:05, Bartosz Golaszewski wrote: > > wt., 18 lut 2020 o 10:56 Srinivas Kandagatla > > napisa=C5=82(a): > >> > >> > >> > >> On 18/02/2020 09:42, Bartosz Golaszewski wrote: > >>> From: Bartosz Golaszewski > >>> > >>> The nvmem struct is only freed on the first error check after its > >>> allocation and leaked after that. Fix it with a new label. > >>> > >>> Cc: > >>> Signed-off-by: Bartosz Golaszewski > >>> --- > >>> drivers/nvmem/core.c | 8 ++++---- > >>> 1 file changed, 4 insertions(+), 4 deletions(-) > >>> > >>> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c > >>> index b0be03d5f240..c9b3f4047154 100644 > >>> --- a/drivers/nvmem/core.c > >>> +++ b/drivers/nvmem/core.c > >>> @@ -343,10 +343,8 @@ struct nvmem_device *nvmem_register(const struct= nvmem_config *config) > >>> return ERR_PTR(-ENOMEM); > >>> > >>> rval =3D ida_simple_get(&nvmem_ida, 0, 0, GFP_KERNEL); > >>> - if (rval < 0) { > >>> - kfree(nvmem); > >>> - return ERR_PTR(rval); > >>> - } > >>> + if (rval < 0) > >>> + goto err_free_nvmem; > >>> if (config->wp_gpio) > >>> nvmem->wp_gpio =3D config->wp_gpio; > >>> else > >>> @@ -432,6 +430,8 @@ struct nvmem_device *nvmem_register(const struct = nvmem_config *config) > >>> put_device(&nvmem->dev); > >>> err_ida_remove: > >>> ida_simple_remove(&nvmem_ida, nvmem->id); > >>> +err_free_nvmem: > >>> + kfree(nvmem); > >> > >> This is not correct fix to start with, if the device has already been > >> intialized before jumping here then nvmem would be freed as part of > >> nvmem_release(). > >> > >> So the bug was actually introduced by adding err_ida_remove label. > >> > >> You can free nvmem at that point but not at any point after that as > >> device core would be holding a reference to it. > >> > > > > OK I see - I missed the release() callback assignment. Frankly: I find > > this split of resource management responsibility confusing. Since the > > users are expected to call nvmem_unregister() anyway - wouldn't it be > > more clear to just free all resources there? What is the advantage of > > defining the release() callback for device type here? > > Because we are using dev pointer from nvmem structure, and this dev > pointer should be valid until release callback is invoked. > > Freeing nvmem at any early stage would make dev pointer invalid and > device core would dereference it! > Ok, let me brew up a v3 with that in mind. Bart