1. Patchew
  2. linux
  3. View series

[PATCH] PM: EM: Fix memory leak in em_create_pd() error path

Malaya Kumar Rout posted 1 patch 1 month ago 
kernel/power/energy_model.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
[PATCH] PM: EM: Fix memory leak in em_create_pd() error path
Posted by Malaya Kumar Rout 1 month ago 
When ida_alloc() fails in em_create_pd(), the function returns without
freeing the previously allocated 'pd' structure, leading to a memory leak.
The 'pd' pointer is allocated either at line 436 (for CPU devices with
cpumask) or line 442 (for other devices) using kzalloc().

Additionally, the function incorrectly returns -ENOMEM when ida_alloc()
fails, ignoring the actual error code returned by ida_alloc(), which can
fail for reasons other than memory exhaustion.

Fix both issues by:
1. Freeing the 'pd' structure with kfree() when ida_alloc() fails
2. Returning the actual error code from ida_alloc() instead of -ENOMEM

This ensures proper cleanup on the error path and accurate error reporting.

Fixes: cbe5aeedecc7 ("PM: EM: Assign a unique ID when creating a performance domain")
Signed-off-by: Malaya Kumar Rout <mrout@redhat.com>
---
 kernel/power/energy_model.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/power/energy_model.c b/kernel/power/energy_model.c
index 11af9f64aa82..5b055cbe5341 100644
--- a/kernel/power/energy_model.c
+++ b/kernel/power/energy_model.c
@@ -449,8 +449,10 @@ static int em_create_pd(struct device *dev, int nr_states,
 	INIT_LIST_HEAD(&pd->node);
 
 	id = ida_alloc(&em_pd_ida, GFP_KERNEL);
-	if (id < 0)
-		return -ENOMEM;
+	if (id < 0) {
+		kfree(pd);
+		return id;
+	}
 	pd->id = id;
 
 	em_table = em_table_alloc(pd);
-- 
2.52.0
Re: [PATCH] PM: EM: Fix memory leak in em_create_pd() error path
Posted by Changwoo Min 1 month ago 
Thanks, Malaya, for the bug fix. This makes sense to me.

Reviewed-by:  Changwoo Min <changwoo@igalia.com>

On 1/5/26 7:37 PM, Malaya Kumar Rout wrote:
> When ida_alloc() fails in em_create_pd(), the function returns without
> freeing the previously allocated 'pd' structure, leading to a memory leak.
> The 'pd' pointer is allocated either at line 436 (for CPU devices with
> cpumask) or line 442 (for other devices) using kzalloc().
> 
> Additionally, the function incorrectly returns -ENOMEM when ida_alloc()
> fails, ignoring the actual error code returned by ida_alloc(), which can
> fail for reasons other than memory exhaustion.
> 
> Fix both issues by:
> 1. Freeing the 'pd' structure with kfree() when ida_alloc() fails
> 2. Returning the actual error code from ida_alloc() instead of -ENOMEM
> 
> This ensures proper cleanup on the error path and accurate error reporting.
> 
> Fixes: cbe5aeedecc7 ("PM: EM: Assign a unique ID when creating a performance domain")
> Signed-off-by: Malaya Kumar Rout <mrout@redhat.com>
> ---
>   kernel/power/energy_model.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/power/energy_model.c b/kernel/power/energy_model.c
> index 11af9f64aa82..5b055cbe5341 100644
> --- a/kernel/power/energy_model.c
> +++ b/kernel/power/energy_model.c
> @@ -449,8 +449,10 @@ static int em_create_pd(struct device *dev, int nr_states,
>   	INIT_LIST_HEAD(&pd->node);
>   
>   	id = ida_alloc(&em_pd_ida, GFP_KERNEL);
> -	if (id < 0)
> -		return -ENOMEM;
> +	if (id < 0) {
> +		kfree(pd);
> +		return id;
> +	}
>   	pd->id = id;
>   
>   	em_table = em_table_alloc(pd);
Re: [PATCH] PM: EM: Fix memory leak in em_create_pd() error path
Posted by Rafael J. Wysocki 4 weeks, 1 day ago 
On Thu, Jan 8, 2026 at 6:44 AM Changwoo Min <changwoo@igalia.com> wrote:
>
> Thanks, Malaya, for the bug fix. This makes sense to me.
>
> Reviewed-by:  Changwoo Min <changwoo@igalia.com>

Applied as 6.19-rc material, thanks!

> On 1/5/26 7:37 PM, Malaya Kumar Rout wrote:
> > When ida_alloc() fails in em_create_pd(), the function returns without
> > freeing the previously allocated 'pd' structure, leading to a memory leak.
> > The 'pd' pointer is allocated either at line 436 (for CPU devices with
> > cpumask) or line 442 (for other devices) using kzalloc().
> >
> > Additionally, the function incorrectly returns -ENOMEM when ida_alloc()
> > fails, ignoring the actual error code returned by ida_alloc(), which can
> > fail for reasons other than memory exhaustion.
> >
> > Fix both issues by:
> > 1. Freeing the 'pd' structure with kfree() when ida_alloc() fails
> > 2. Returning the actual error code from ida_alloc() instead of -ENOMEM
> >
> > This ensures proper cleanup on the error path and accurate error reporting.
> >
> > Fixes: cbe5aeedecc7 ("PM: EM: Assign a unique ID when creating a performance domain")
> > Signed-off-by: Malaya Kumar Rout <mrout@redhat.com>
> > ---
> >   kernel/power/energy_model.c | 6 ++++--
> >   1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/kernel/power/energy_model.c b/kernel/power/energy_model.c
> > index 11af9f64aa82..5b055cbe5341 100644
> > --- a/kernel/power/energy_model.c
> > +++ b/kernel/power/energy_model.c
> > @@ -449,8 +449,10 @@ static int em_create_pd(struct device *dev, int nr_states,
> >       INIT_LIST_HEAD(&pd->node);
> >
> >       id = ida_alloc(&em_pd_ida, GFP_KERNEL);
> > -     if (id < 0)
> > -             return -ENOMEM;
> > +     if (id < 0) {
> > +             kfree(pd);
> > +             return id;
> > +     }
> >       pd->id = id;
> >
> >       em_table = em_table_alloc(pd);
>
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.