[v1] nvmem: core: Fix memleak in nvmem_register()

[PATCH -next,v4] nvmem: core: Fix memleak in nvmem_register()

Posted by Gaosheng Cui 3 years, 9 months ago

dev_set_name will alloc memory for nvmem->dev.kobj.name in
nvmem_register, when nvmem_validate_keepouts failed, nvmem's
memory will be freed and return, but nobody will free memory
for nvmem->dev.kobj.name, there will be memleak, so moving
nvmem_validate_keepouts() after device_register() and let
the device core deal with cleaning name in error cases.

Fixes: de0534df9347 ("nvmem: core: fix error handling while validating keepout regions")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
---
 drivers/nvmem/core.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index 1e3c754efd0d..6067d3bbff5d 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -829,21 +829,19 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
 	nvmem->dev.groups = nvmem_dev_groups;
 #endif
 
-	if (nvmem->nkeepout) {
-		rval = nvmem_validate_keepouts(nvmem);
-		if (rval) {
-			ida_free(&nvmem_ida, nvmem->id);
-			kfree(nvmem);
-			return ERR_PTR(rval);
-		}
-	}
-
 	dev_dbg(&nvmem->dev, "Registering nvmem device %s\n", config->name);
 
 	rval = device_register(&nvmem->dev);
 	if (rval)
 		goto err_put_device;
 
+	if (nvmem->nkeepout) {
+		rval = nvmem_validate_keepouts(nvmem);
+		if (rval) {
+			goto err_device_del;
+		}
+	}
+
 	if (config->compat) {
 		rval = nvmem_sysfs_setup_compat(nvmem, config);
 		if (rval)
-- 
2.25.1

Re: [PATCH -next,v4] nvmem: core: Fix memleak in nvmem_register()

Posted by Srinivas Kandagatla 3 years, 9 months ago


On 18/07/2022 13:21, Gaosheng Cui wrote:
> dev_set_name will alloc memory for nvmem->dev.kobj.name in
> nvmem_register, when nvmem_validate_keepouts failed, nvmem's
> memory will be freed and return, but nobody will free memory
> for nvmem->dev.kobj.name, there will be memleak, so moving
> nvmem_validate_keepouts() after device_register() and let
> the device core deal with cleaning name in error cases.
> 
> Fixes: de0534df9347 ("nvmem: core: fix error handling while validating keepout regions")
> Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
> ---

What changed since v3?

>   drivers/nvmem/core.c | 16 +++++++---------
>   1 file changed, 7 insertions(+), 9 deletions(-)
> 
> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
> index 1e3c754efd0d..6067d3bbff5d 100644
> --- a/drivers/nvmem/core.c
> +++ b/drivers/nvmem/core.c
> @@ -829,21 +829,19 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
>   	nvmem->dev.groups = nvmem_dev_groups;
>   #endif
>   
> -	if (nvmem->nkeepout) {
> -		rval = nvmem_validate_keepouts(nvmem);
> -		if (rval) {
> -			ida_free(&nvmem_ida, nvmem->id);
> -			kfree(nvmem);
> -			return ERR_PTR(rval);
> -		}
> -	}
> -
>   	dev_dbg(&nvmem->dev, "Registering nvmem device %s\n", config->name);
>   
>   	rval = device_register(&nvmem->dev);
>   	if (rval)
>   		goto err_put_device;
>   
> +	if (nvmem->nkeepout) {
> +		rval = nvmem_validate_keepouts(nvmem);
> +		if (rval) {

Unnecessary braces here.

--srini
> +			goto err_device_del;
> +		}
> +	}
> +
>   	if (config->compat) {
>   		rval = nvmem_sysfs_setup_compat(nvmem, config);
>   		if (rval)

Re: [PATCH -next,v4] nvmem: core: Fix memleak in nvmem_register()

Posted by cuigaosheng 3 years, 9 months ago

>
> What changed since v3?
I adjusted the commit message because the implementation of the code has 
changed.

>
> Unnecessary braces here. 
Already fixed.

Thanks,

在 2022/7/18 20:24, Srinivas Kandagatla 写道:
>
>
> On 18/07/2022 13:21, Gaosheng Cui wrote:
>> dev_set_name will alloc memory for nvmem->dev.kobj.name in
>> nvmem_register, when nvmem_validate_keepouts failed, nvmem's
>> memory will be freed and return, but nobody will free memory
>> for nvmem->dev.kobj.name, there will be memleak, so moving
>> nvmem_validate_keepouts() after device_register() and let
>> the device core deal with cleaning name in error cases.
>>
>> Fixes: de0534df9347 ("nvmem: core: fix error handling while 
>> validating keepout regions")
>> Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
>> ---
>
> What changed since v3?
>
>>   drivers/nvmem/core.c | 16 +++++++---------
>>   1 file changed, 7 insertions(+), 9 deletions(-)
>>
>> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
>> index 1e3c754efd0d..6067d3bbff5d 100644
>> --- a/drivers/nvmem/core.c
>> +++ b/drivers/nvmem/core.c
>> @@ -829,21 +829,19 @@ struct nvmem_device *nvmem_register(const 
>> struct nvmem_config *config)
>>       nvmem->dev.groups = nvmem_dev_groups;
>>   #endif
>>   -    if (nvmem->nkeepout) {
>> -        rval = nvmem_validate_keepouts(nvmem);
>> -        if (rval) {
>> -            ida_free(&nvmem_ida, nvmem->id);
>> -            kfree(nvmem);
>> -            return ERR_PTR(rval);
>> -        }
>> -    }
>> -
>>       dev_dbg(&nvmem->dev, "Registering nvmem device %s\n", 
>> config->name);
>>         rval = device_register(&nvmem->dev);
>>       if (rval)
>>           goto err_put_device;
>>   +    if (nvmem->nkeepout) {
>> +        rval = nvmem_validate_keepouts(nvmem);
>> +        if (rval) {
>
> Unnecessary braces here.
>
> --srini
>> +            goto err_device_del;
>> +        }
>> +    }
>> +
>>       if (config->compat) {
>>           rval = nvmem_sysfs_setup_compat(nvmem, config);
>>           if (rval)
> .