Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp223220pxa; Tue, 11 Aug 2020 23:31:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzouT49CsAWJBuA8CKs3ikH9xmmduUIlyRNpGPhv+iqlk9Wx4IAFK3rHJpcGb0gE22C51gM X-Received: by 2002:a17:906:e10e:: with SMTP id gj14mr31329830ejb.218.1597213895974; Tue, 11 Aug 2020 23:31:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597213895; cv=none; d=google.com; s=arc-20160816; b=0huWn8472KLC9Y0vLeWUcUb6Jr69TkzHL6E3zUl7fWoZ403ABGmt+gSYq/gm0CV2oJ k6rOP3QtAA/H5bKOeueEirB8aUVj6qVX2dFFYd6aY8LAGqjE0u2/PWSWX77jH3EaPwvL Lg4d+Cr+jtYQUg/aCsrRfQn/mRli5yluCaXINhhxglomxifKCiR0RbkZlU3ilp8ZwLhk 3yEcyZEyqznw8OFeyXgKTgGXc9/WuvqiLlhUGMwghhCOYthSLPV7jwsfeyECz8e3zoVj Nu6IqQomkS7FKXUVBeKII/w2n2yZHq9sUYc8NmSSsQKCMOTJojaDvw2X5xI7Bs9EGx7R qjiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=+J28kXJ8XKcuYz6xdzJrWJxX9gc39LvJCirhQxiAhhg=; b=N3W3H85AHwoW1zvgDbrYo9tyIUmeCoTxS8gGweXo6AKBiqcALFFjXfZLWiC+BpWwCY 8P7xy+HixuVniHaks4RdigQg/BpX7KghbLIE4u6kTk0XiWHHQeRV19K6IduINBfG6MYR IQd2/GrTF8cQumvmTIuwno/nXkg8raztJQG9VFTmt7fOGHxiEdspckB+q9MRdlJWMwee 9F1yXwsWDpbD0q6rd2hLCbpaJ0aREcJ6MmZREbsSTSUjyJVoWGmgP74r+qFQDz9EYCPP n5x3/ifJ+mkdsouum9CyebzNyIpEpWkG+jsgR/cGT75Fka9krgT26ZO9R7B9fwE+3Uj+ eKLA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f9si807294edm.167.2020.08.11.23.31.13; Tue, 11 Aug 2020 23:31:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726660AbgHLG3V (ORCPT + 99 others); Wed, 12 Aug 2020 02:29:21 -0400 Received: from mleia.com ([178.79.152.223]:36570 "EHLO mail.mleia.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726255AbgHLG3V (ORCPT ); Wed, 12 Aug 2020 02:29:21 -0400 Received: from mail.mleia.com (localhost [127.0.0.1]) by mail.mleia.com (Postfix) with ESMTP id 3E9D83FDFA4; Wed, 12 Aug 2020 06:29:20 +0000 (UTC) Subject: Re: [PATCH v2 5/7] regulator: plug of_node leak in regulator_register()'s error path To: =?UTF-8?B?TWljaGHFgiBNaXJvc8WCYXc=?= , Dmitry Osipenko , Liam Girdwood , Mark Brown Cc: linux-kernel@vger.kernel.org References: From: Vladimir Zapolskiy Message-ID: Date: Wed, 12 Aug 2020 09:29:12 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-49551924 X-CRM114-CacheID: sfid-20200812_062920_277791_509CDCAC X-CRM114-Status: GOOD ( 19.19 ) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Michał, On 8/12/20 4:31 AM, Michał Mirosław wrote: > By calling device_initialize() earlier and noting that kfree(NULL) is > ok, we can save a bit of code in error handling and plug of_node leak. > Fixed commit already did part of the work. > > Cc: stable@vger.kernel.org > Fixes: 9177514ce349 ("regulator: fix memory leak on error path of regulator_register()") > Signed-off-by: Michał Mirosław > Acked-by: Vladimir Zapolskiy > --- > drivers/regulator/core.c | 13 ++++--------- > 1 file changed, 4 insertions(+), 9 deletions(-) > > diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c > index 71749f48caee..448a267641df 100644 > --- a/drivers/regulator/core.c > +++ b/drivers/regulator/core.c > @@ -5137,6 +5137,7 @@ regulator_register(const struct regulator_desc *regulator_desc, > ret = -ENOMEM; > goto rinse; > } > + device_initialize(&rdev->dev); > > /* > * Duplicate the config so the driver could override it after > @@ -5144,9 +5145,8 @@ regulator_register(const struct regulator_desc *regulator_desc, > */ > config = kmemdup(cfg, sizeof(*cfg), GFP_KERNEL); > if (config == NULL) { > - kfree(rdev); > ret = -ENOMEM; > - goto rinse; > + goto clean; Here config == NULL > } > > init_data = regulator_of_get_init_data(dev, regulator_desc, config, > @@ -5158,10 +5158,8 @@ regulator_register(const struct regulator_desc *regulator_desc, > * from a gpio extender or something else. > */ > if (PTR_ERR(init_data) == -EPROBE_DEFER) { > - kfree(config); > - kfree(rdev); > ret = -EPROBE_DEFER; > - goto rinse; > + goto clean; > } > > /* > @@ -5214,7 +5212,6 @@ regulator_register(const struct regulator_desc *regulator_desc, > } > > /* register with sysfs */ > - device_initialize(&rdev->dev); > rdev->dev.class = ®ulator_class; > rdev->dev.parent = dev; > dev_set_name(&rdev->dev, "regulator.%lu", > @@ -5292,13 +5289,11 @@ regulator_register(const struct regulator_desc *regulator_desc, > mutex_lock(®ulator_list_mutex); > regulator_ena_gpio_free(rdev); > mutex_unlock(®ulator_list_mutex); > - put_device(&rdev->dev); > - rdev = NULL; > clean: > if (dangling_of_gpiod) > gpiod_put(config->ena_gpiod); And above 'config' NULL pointer could be dereferenced now, right? > - kfree(rdev); > kfree(config); > + put_device(&rdev->dev); > rinse: > if (dangling_cfg_gpiod) > gpiod_put(cfg->ena_gpiod); > -- Best wishes, Vladimir