1. Patchew
  2. linux
  3. View series

[PATCH] spmi: hisi-spmi-controller: fix potential memory leak in spmi_controller_probe()

Ma Ke posted 1 patch 2 years, 4 months ago 
drivers/spmi/hisi-spmi-controller.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] spmi: hisi-spmi-controller: fix potential memory leak in spmi_controller_probe()
Posted by Ma Ke 2 years, 4 months ago 
spmi_controller_alloc() allocates a memory space for ctrl. When some
errors occur, ctrl should be handled by spmi_controller_put() and set
spmi_controller->controller = NULL because spmi_controller->controller
has a dangling pointer to the freed memory. When the failure happens,
the function returns without calling spmi_controller_put() and setting
spmi_controller->controller = NULL, which will lead to a memory leak.

When the failure happens, we can fix it by calling spmi_controller_put()
and setting spmi_controller->controller = NULL in all of the places
where we call spmi_controller_put().

Signed-off-by: Ma Ke <make_ruc2021@163.com>
---
 drivers/spmi/hisi-spmi-controller.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/spmi/hisi-spmi-controller.c b/drivers/spmi/hisi-spmi-controller.c
index 9cbd473487cb..5b3cfa7f5056 100644
--- a/drivers/spmi/hisi-spmi-controller.c
+++ b/drivers/spmi/hisi-spmi-controller.c
@@ -321,6 +321,7 @@ static int spmi_controller_probe(struct platform_device *pdev)
 
 err_put_controller:
 	spmi_controller_put(ctrl);
+	spmi_controller->controller = NULL;
 	return ret;
 }
 
-- 
2.37.2
Re: [PATCH] spmi: hisi-spmi-controller: fix potential memory leak in spmi_controller_probe()
Posted by Stephen Boyd 2 years, 3 months ago 
Quoting Ma Ke (2023-09-21 19:52:16)
> spmi_controller_alloc() allocates a memory space for ctrl. When some
> errors occur, ctrl should be handled by spmi_controller_put() and set
> spmi_controller->controller = NULL because spmi_controller->controller
> has a dangling pointer to the freed memory. When the failure happens,
> the function returns without calling spmi_controller_put() and setting
> spmi_controller->controller = NULL, which will lead to a memory leak.
> 
> When the failure happens, we can fix it by calling spmi_controller_put()
> and setting spmi_controller->controller = NULL in all of the places
> where we call spmi_controller_put().
> 
> Signed-off-by: Ma Ke <make_ruc2021@163.com>
> ---
>  drivers/spmi/hisi-spmi-controller.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/spmi/hisi-spmi-controller.c b/drivers/spmi/hisi-spmi-controller.c
> index 9cbd473487cb..5b3cfa7f5056 100644
> --- a/drivers/spmi/hisi-spmi-controller.c
> +++ b/drivers/spmi/hisi-spmi-controller.c
> @@ -321,6 +321,7 @@ static int spmi_controller_probe(struct platform_device *pdev)
>  
>  err_put_controller:
>         spmi_controller_put(ctrl);
> +       spmi_controller->controller = NULL;

The controller will most likely be freed after the put call one line
above so this will oops. No thanks.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.