[PATCH v2] rpmb: fix error path in rpmb_dev_register()

Jens Wiklander posted 1 patch 1 year, 5 months ago
drivers/misc/rpmb-core.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
[PATCH v2] rpmb: fix error path in rpmb_dev_register()
Posted by Jens Wiklander 1 year, 5 months ago
Until this patch, rpmb_dev_register() was always freeing rdev in the
error path. However, past device_register() it must not do that since
the memory is now managed by the device even if it failed to register
properly. So fix this by doing a device_put() before returning the error
code.

Fixes the smatch warning:
        drivers/misc/rpmb-core.c:204 rpmb_dev_register()
        warn: freeing device managed memory (leak): 'rdev'

Fixes: 1e9046e3a154 ("rpmb: add Replay Protected Memory Block (RPMB) subsystem")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
---
Changes in v2:
- Remove the now unused err_id_remove label in rpmb_dev_register(),
  reported by the kernel test robot
---
 drivers/misc/rpmb-core.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/drivers/misc/rpmb-core.c b/drivers/misc/rpmb-core.c
index c8888267c222..bc68cde1a8bf 100644
--- a/drivers/misc/rpmb-core.c
+++ b/drivers/misc/rpmb-core.c
@@ -187,17 +187,15 @@ struct rpmb_dev *rpmb_dev_register(struct device *dev,
 	rdev->dev.parent = dev;
 
 	ret = device_register(&rdev->dev);
-	if (ret)
-		goto err_id_remove;
+	if (ret) {
+		put_device(&rdev->dev);
+		return ERR_PTR(ret);
+	}
 
 	dev_dbg(&rdev->dev, "registered device\n");
 
 	return rdev;
 
-err_id_remove:
-	mutex_lock(&rpmb_mutex);
-	ida_simple_remove(&rpmb_ida, rdev->id);
-	mutex_unlock(&rpmb_mutex);
 err_free_dev_id:
 	kfree(rdev->descr.dev_id);
 err_free_rdev:
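Review bot: In the new `if (ret)` branch after device_register(), the early return skips everything the removed err_id_remove path did: ida_simple_remove() on rpmb_ida under rpmb_mutex, followed by the fall-through to kfree(rdev->descr.dev_id). The branch is therefore only leak-free if the release callback reached through put_device(&rdev->dev) performs that same cleanup. The release function is not visible in this hunk, so please confirm that it is assigned before device_register() is called and that it releases the ID and frees descr.dev_id as well as rdev, and state that in the commit message.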
-- 
2.34.1
Re: [PATCH v2] rpmb: fix error path in rpmb_dev_register()
Posted by Ulf Hansson 1 year, 5 months ago
On Mon, 2 Sept 2024 at 12:58, Jens Wiklander <jens.wiklander@linaro.org> wrote:
>
> Until this patch, rpmb_dev_register() was always freeing rdev in the
> error path. However, past device_register() it must not do that since
> the memory is now managed by the device even if it failed to register
> properly. So fix this by doing a device_put() before returning the error

/s/device_put/put_device

> code.
>
> Fixes the smatch warning:
>         drivers/misc/rpmb-core.c:204 rpmb_dev_register()
>         warn: freeing device managed memory (leak): 'rdev'
>
> Fixes: 1e9046e3a154 ("rpmb: add Replay Protected Memory Block (RPMB) subsystem")
> Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

With the above small amendment, applied to my mmc tree for next, thanks!

Kind regards
Uffe

> ---
> Changes in v2:
> - Remove the now unused err_id_remove label in rpmb_dev_register(),
>   reported by the kernel test robot
> ---
>  drivers/misc/rpmb-core.c | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/misc/rpmb-core.c b/drivers/misc/rpmb-core.c
> index c8888267c222..bc68cde1a8bf 100644
> --- a/drivers/misc/rpmb-core.c
> +++ b/drivers/misc/rpmb-core.c
> @@ -187,17 +187,15 @@ struct rpmb_dev *rpmb_dev_register(struct device *dev,
>         rdev->dev.parent = dev;
>
>         ret = device_register(&rdev->dev);
> -       if (ret)
> -               goto err_id_remove;
> +       if (ret) {
> +               put_device(&rdev->dev);
> +               return ERR_PTR(ret);
> +       }
>
>         dev_dbg(&rdev->dev, "registered device\n");
>
>         return rdev;
>
> -err_id_remove:
> -       mutex_lock(&rpmb_mutex);
> -       ida_simple_remove(&rpmb_ida, rdev->id);
> -       mutex_unlock(&rpmb_mutex);
>  err_free_dev_id:
>         kfree(rdev->descr.dev_id);
>  err_free_rdev:
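Review bot: The `put_device(&rdev->dev);` line in the failure branch has no comment explaining why this one error exit must not use the goto labels, while err_free_dev_id directly below still calls kfree(rdev->descr.dev_id). A one-line comment above put_device() saying that rdev belongs to the device once device_register() has been called, even on failure, would keep a later cleanup from routing this branch back to the kfree() labels and reintroducing the smatch warning quoted in the commit message.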
> --
> 2.34.1
>