Message ID | YMtYs7LVveYH4eRe@mwanda (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Geert Uytterhoeven |
Series | [v2,1/2] clk: renesas: fix a double free on error |
Hi Dan,

Thank you for the fix.

> -----Original Message-----
> From: Dan Carpenter <dan.carpenter@oracle.com>
> Sent: 17 June 2021 15:14
> To: Geert Uytterhoeven <geert+renesas@glider.be>
> Cc: Michael Turquette <mturquette@baylibre.com>; Stephen Boyd <sboyd@kernel.org>; Prabhakar Mahadev
> Lad <prabhakar.mahadev-lad.rj@bp.renesas.com>; Biju Das <biju.das.jz@bp.renesas.com>; linux-renesas-
> soc@vger.kernel.org; linux-clk@vger.kernel.org; kernel-janitors@vger.kernel.org
> Subject: [PATCH v2 1/2] clk: renesas: fix a double free on error
>
> The "pll_clk" and "clock" pointers are allocated with devm_kzalloc() so freeing them with kfree() will
> lead to a double free. This would only happen if probe failed, and the system is not bootable.
>
> Fixes: ef3c613ccd68 ("clk: renesas: Add CPG core wrapper for RZ/G2L SoC")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> V2: Fix "pll_clk" as well.
>
> drivers/clk/renesas/renesas-rzg2l-cpg.c | 7 +------
> 1 file changed, 1 insertion(+), 6 deletions(-)
>

Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>

Also Reported-by tag,
Reported-by: kernel test robot <lkp@intel.com>

Cheers,
Prabhakar

> diff --git a/drivers/clk/renesas/renesas-rzg2l-cpg.c b/drivers/clk/renesas/renesas-rzg2l-cpg.c > index 5009b9e48b13..7ba36f19896f 100644 > --- a/drivers/clk/renesas/renesas-rzg2l-cpg.c > +++ b/drivers/clk/renesas/renesas-rzg2l-cpg.c > @@ -199,11 +199,7 @@ rzg2l_cpg_pll_clk_register(const struct cpg_core_clk *core, > pll_clk->priv = priv; > pll_clk->type = core->type; > > - clk = clk_register(NULL, &pll_clk->hw); > - if (IS_ERR(clk)) > - kfree(pll_clk); > - > - return clk; > + return clk_register(NULL, &pll_clk->hw); > } > > static struct clk 
> @@ -473,7 +469,6 @@ rzg2l_cpg_register_mod_clk(const struct rzg2l_mod_clk *mod, > fail: > dev_err(dev, "Failed to register %s clock %s: %ld\n", "module", > mod->name, PTR_ERR(clk)); > - kfree(clock); > } > > #define rcdev_to_priv(x) container_of(x, struct rzg2l_cpg_priv, rcdev) > -- > 2.30.2
On Thu, Jun 17, 2021 at 4:14 PM Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The "pll_clk" and "clock" pointers are allocated with devm_kzalloc() so
> freeing them with kfree() will lead to a double free. This would only
> happen if probe failed, and the system is not bootable.
>
> Fixes: ef3c613ccd68 ("clk: renesas: Add CPG core wrapper for RZ/G2L SoC")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> V2: Fix "pll_clk" as well.

Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
i.e. will queue in renesas-clk for v5.15.

Gr{oetje,eeting}s,

Geert
diff --git a/drivers/clk/renesas/renesas-rzg2l-cpg.c b/drivers/clk/renesas/renesas-rzg2l-cpg.c index 5009b9e48b13..7ba36f19896f 100644 --- a/drivers/clk/renesas/renesas-rzg2l-cpg.c +++ b/drivers/clk/renesas/renesas-rzg2l-cpg.c @@ -199,11 +199,7 @@ rzg2l_cpg_pll_clk_register(const struct cpg_core_clk *core, pll_clk->priv = priv; pll_clk->type = core->type; - clk = clk_register(NULL, &pll_clk->hw); - if (IS_ERR(clk)) - kfree(pll_clk); - - return clk; + return clk_register(NULL, &pll_clk->hw); } static struct clk @@ -473,7 +469,6 @@ rzg2l_cpg_register_mod_clk(const struct rzg2l_mod_clk *mod, fail: dev_err(dev, "Failed to register %s clock %s: %ld\n", "module", mod->name, PTR_ERR(clk)); - kfree(clock); } #define rcdev_to_priv(x) container_of(x, struct rzg2l_cpg_priv, rcdev)
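Review bot: In the first hunk, at the end of rzg2l_cpg_pll_clk_register(), the local `clk` is no longer assigned or read, yet no declaration is removed: the diffstat's 1 insertion and 6 deletions are all accounted for by the lines shown. If `clk` is declared at the top of that function it is now unused and will draw a -Wunused-variable warning, so the declaration should be dropped in the same patch. Returning clk_register(NULL, &pll_clk->hw) directly is otherwise fine, since the devm-managed pll_clk needs no manual cleanup on the IS_ERR() path.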
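Review bot: In the second hunk, the fail: label of rzg2l_cpg_register_mod_clk() now only logs through dev_err() and then falls off the end of the function, so nothing in the lines shown returns the error to the caller. The commit message's "would only happen if probe failed" would be easier to check if it said how a failure on this path makes probe fail. If probe carries on instead, the devm allocation behind `clock` stays until the device is released, which is safe but holds the memory; devm_kfree(dev, clock) is the matching call if releasing it early here is wanted.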
The "pll_clk" and "clock" pointers are allocated with devm_kzalloc() so freeing them with kfree() will lead to a double free. This would only happen if probe failed, and the system is not bootable.

Fixes: ef3c613ccd68 ("clk: renesas: Add CPG core wrapper for RZ/G2L SoC")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
V2: Fix "pll_clk" as well.

 drivers/clk/renesas/renesas-rzg2l-cpg.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)