[PATCH] clocksource: timer-cadence-ttc: Fix resource leaks in error paths

Haotian Zhang posted 1 patch 5 days, 15 hours ago
drivers/clocksource/timer-cadence-ttc.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
[PATCH] clocksource: timer-cadence-ttc: Fix resource leaks in error paths
Posted by Haotian Zhang 5 days, 15 hours ago
The ttc_setup_clocksource() and ttc_setup_clockevent() fail to
unregister the clock notifier in their error paths, potentially
leading to a resource leak. Additionally, ttc_setup_clocksource()
leaks the prepared clock reference upon failure.

Unregister the clock notifier and disable the clock in the
error path of ttc_setup_clocksource(). Also, add the missing
clock notifier unregistration in the error path of
ttc_setup_clockevent() to ensure proper cleanup.

Fixes: e932900a3279 ("arm: zynq: Use standard timer binding")
Fixes: 91dc985c5e51 ("ARM: zynq: add clk binding support to the ttc")
Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn>
---
 drivers/clocksource/timer-cadence-ttc.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/drivers/clocksource/timer-cadence-ttc.c b/drivers/clocksource/timer-cadence-ttc.c
index b8a1cf59b9d6..70384faad66d 100644
--- a/drivers/clocksource/timer-cadence-ttc.c
+++ b/drivers/clocksource/timer-cadence-ttc.c
@@ -333,6 +333,7 @@ static int __init ttc_setup_clocksource(struct clk *clk, void __iomem *base,
 {
 	struct ttc_timer_clocksource *ttccs;
 	int err;
+	bool notifier_registered = false;
 
 	ttccs = kzalloc(sizeof(*ttccs), GFP_KERNEL);
 	if (!ttccs)
@@ -356,6 +357,8 @@ static int __init ttc_setup_clocksource(struct clk *clk, void __iomem *base,
 				    &ttccs->ttc.clk_rate_change_nb);
 	if (err)
 		pr_warn("Unable to register clock notifier.\n");
+	else
+		notifier_registered = true;
 
 	ttccs->ttc.base_addr = base;
 	ttccs->cs.name = "ttc_clocksource";
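Review bot: the `else notifier_registered = true;` branch is needed only because a clk_notifier_register() failure in ttc_setup_clocksource() is logged with pr_warn() and then ignored, and the changelog does not say so. Please add a sentence to the commit message (or a short comment at the flag) explaining that registration failure is non-fatal here, so readers understand why this function needs a flag for the later unregister.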
@@ -377,6 +380,10 @@ static int __init ttc_setup_clocksource(struct clk *clk, void __iomem *base,
 
 	err = clocksource_register_hz(&ttccs->cs, ttccs->ttc.freq / PRESCALE);
 	if (err) {
+		if (notifier_registered)
+			clk_notifier_unregister(ttccs->ttc.clk,
+					&ttccs->ttc.clk_rate_change_nb);
+		clk_disable_unprepare(ttccs->ttc.clk);
 		kfree(ttccs);
 		return err;
 	}
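Review bot: the `if (err)` block after clocksource_register_hz() now carries the whole unwind inline (conditional unregister, clk_disable_unprepare(), kfree()), while ttc_setup_clockevent() in this same patch unwinds through labels (out_clk_unprepare, out_kfree). Converting this function to the same goto-based unwind would leave one kfree(ttccs) and one clk_disable_unprepare() site and make it harder for a failure point added later to skip a step. The changelog also says the prepared clock leaks "upon failure", but only this one exit is changed; please confirm that the earlier exits of the function, which are outside the hunk context, do not leave the clock enabled.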
@@ -465,13 +472,16 @@ static int __init ttc_setup_clockevent(struct clk *clk,
 	err = request_irq(irq, ttc_clock_event_interrupt,
 			  IRQF_TIMER, ttcce->ce.name, ttcce);
 	if (err)
-		goto out_clk_unprepare;
+		goto out_clk_notifier_unregister;
 
 	clockevents_config_and_register(&ttcce->ce,
 			ttcce->ttc.freq / PRESCALE, 1, 0xfffe);
 
 	return 0;
 
+out_clk_notifier_unregister:
+	clk_notifier_unregister(ttcce->ttc.clk,
+			&ttcce->ttc.clk_rate_change_nb);
 out_clk_unprepare:
 	clk_disable_unprepare(ttcce->ttc.clk);
 out_kfree:
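Review bot: the new out_clk_notifier_unregister label calls clk_notifier_unregister() unconditionally, whereas the ttc_setup_clocksource() hunk guards the same call with notifier_registered. That is only correct if a clk_notifier_register() failure in ttc_setup_clockevent() already leaves the function before request_irq() is reached, and that code is outside the context shown here. Please state this in the changelog, or guard the call in the same way, so the asymmetry between the two functions is clearly intentional.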
-- 
2.50.1.windows.1
Re: [PATCH] clocksource: timer-cadence-ttc: Fix resource leaks in error paths
Posted by Markus Elfring 5 days, 12 hours ago
> The ttc_setup_clocksource() and ttc_setup_clockevent() fail to
> unregister the clock notifier in their error paths, potentially
> leading to a resource leak. Additionally, ttc_setup_clocksource()
> leaks the prepared clock reference upon failure.
…

You may occasionally put more than 65 characters into text lines
of such a change description.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.18-rc7#n658


…
> +++ b/drivers/clocksource/timer-cadence-ttc.c
…
> @@ -377,6 +380,10 @@ static int __init ttc_setup_clocksource(struct clk *clk, void __iomem *base,
>  
>  	err = clocksource_register_hz(&ttccs->cs, ttccs->ttc.freq / PRESCALE);
>  	if (err) {
> +		if (notifier_registered)
> +			clk_notifier_unregister(ttccs->ttc.clk,
> +					&ttccs->ttc.clk_rate_change_nb);
> +		clk_disable_unprepare(ttccs->ttc.clk);
>  		kfree(ttccs);
>  		return err;
>  	}

What do you think about avoiding repeated kfree() calls in such a function implementation?


> @@ -465,13 +472,16 @@ static int __init ttc_setup_clockevent(struct clk *clk,
…
> +out_clk_notifier_unregister:
> +	clk_notifier_unregister(ttcce->ttc.clk,
> +			&ttcce->ttc.clk_rate_change_nb);
…

You may specify this function call in a single line.

Regards,
Markus