| Message ID | 20190524005014.GA2289@zhanggen-UX430UQ (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | tegra_wm9712: Fix a memory leaking bug in tegra_wm9712_driver_probe() | expand |
On 24/05/2019 01:50, Gen Zhang wrote: > In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by > platform_device_alloc(). When it is NULL, function returns ENOMEM. > However, 'machine' is allocated by devm_kzalloc() before this site. > Thus we should free 'machine' before function ends to prevent memory > leaking. Memory allocated by devm_xxx() is automatically freed on failure so this is not correct. > Further, we should free 'machine->util_data', 'machine->codec' and > 'machine' before this function normally ends to prevent memory leaking. This is also incorrect. Why would we free all resources after successfully initialising the driver? > Signed-off-by: Gen Zhang <blackgod016574@gmail.com> > --- > diff --git a/sound/soc/tegra/tegra_wm9712.c b/sound/soc/tegra/tegra_wm9712.c > index 864a334..295c41d 100644 > --- a/sound/soc/tegra/tegra_wm9712.c > +++ b/sound/soc/tegra/tegra_wm9712.c > @@ -86,7 +86,8 @@ static int tegra_wm9712_driver_probe(struct platform_device *pdev) > machine->codec = platform_device_alloc("wm9712-codec", -1); > if (!machine->codec) { > dev_err(&pdev->dev, "Can't allocate wm9712 platform device\n"); > - return -ENOMEM; > + ret = -ENOMEM; > + goto codec_free; > } > > ret = platform_device_add(machine->codec); > @@ -127,6 +128,10 @@ static int tegra_wm9712_driver_probe(struct platform_device *pdev) > goto asoc_utils_fini; > } > > + tegra_asoc_utils_fini(&machine->util_data); > + platform_device_del(machine->codec); > + platform_device_put(machine->codec); > + devm_kfree(&pdev->dev, machine); > return 0; As stated above, this is incorrect. Did you actually test this? I think you would find this would break the driver. Jon
On Fri, May 24, 2019 at 09:33:13AM +0100, Jon Hunter wrote: > > On 24/05/2019 01:50, Gen Zhang wrote: > > In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by > > platform_device_alloc(). When it is NULL, function returns ENOMEM. > > However, 'machine' is allocated by devm_kzalloc() before this site. > > Thus we should free 'machine' before function ends to prevent memory > > leaking. > > Memory allocated by devm_xxx() is automatically freed on failure so this > is not correct. Thanks for your comments, Jon. But after I examined the code, I am still confused about the usage of devm_kmalloc(). You can kindly refer to hisi_sas_debugfs_init() in drivers/scsi/hisi_sas/hisi_sas_main.c. And devm_kfree() is used to free a memory allocated by devm_kmalloc(). And I found other situations similar to this in other files. So, I hope you can give me some guidance on this. Thanks! > > > Further, we should free 'machine->util_data', 'machine->codec' and > > 'machine' before this function normally ends to prevent memory leaking. > > This is also incorrect. Why would we free all resources after > successfully initialising the driver? I re-checked this part, and it is totally incorrect. It should be deleted. Thanks Gen
On 24/05/2019 15:33, Gen Zhang wrote: > On Fri, May 24, 2019 at 09:33:13AM +0100, Jon Hunter wrote: >> >> On 24/05/2019 01:50, Gen Zhang wrote: >>> In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by >>> platform_device_alloc(). When it is NULL, function returns ENOMEM. >>> However, 'machine' is allocated by devm_kzalloc() before this site. >>> Thus we should free 'machine' before function ends to prevent memory >>> leaking. >> >> Memory allocated by devm_xxx() is automatically freed on failure so this >> is not correct. > Thanks for your comments, Jon. But after I examined the code, I am still > confused about the usage of devm_kmalloc(). You can kindly refer to > hisi_sas_debugfs_init() in drivers/scsi/hisi_sas/hisi_sas_main.c. And > devm_kfree() is used to free a memory allocated by devm_kmalloc(). And > I found other situations similar to this in other files. > > So, I hope you can give me some guidance on this. Thanks! Please refer to the devres documentation [0]. Cheers, Jon [0] https://www.kernel.org/doc/Documentation/driver-model/devres.txt
On Fri, May 24, 2019 at 03:47:34PM +0100, Jon Hunter wrote: > > On 24/05/2019 15:33, Gen Zhang wrote: > > On Fri, May 24, 2019 at 09:33:13AM +0100, Jon Hunter wrote: > >> > >> On 24/05/2019 01:50, Gen Zhang wrote: > >>> In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by > >>> platform_device_alloc(). When it is NULL, function returns ENOMEM. > >>> However, 'machine' is allocated by devm_kzalloc() before this site. > >>> Thus we should free 'machine' before function ends to prevent memory > >>> leaking. > >> > >> Memory allocated by devm_xxx() is automatically freed on failure so this > >> is not correct. > > Thanks for your comments, Jon. But after I examined the code, I am still > > confused about the usage of devm_kmalloc(). You can kindly refer to > > hisi_sas_debugfs_init() in drivers/scsi/hisi_sas/hisi_sas_main.c. And > > devm_kfree() is used to free a memory allocated by devm_kmalloc(). And > > I found other situations similar to this in other files. > > > > So, I hope you can give me some guidance on this. Thanks! > > Please refer to the devres documentation [0]. > > Cheers, > Jon > > [0] https://www.kernel.org/doc/Documentation/driver-model/devres.txt > > -- > nvpublic Thanks for your reply. I figured out that devm_kmalloc will free the memory no matter fail or not. But I still want to ask why other codes as I above mentioned use devm_kfree() to free memory allocated by devm_kmalloc(). If the memory is automatically freed, is this devm_kfee() redundant codes that should be removed? Am I misunderstanding this again or it is something else? Thanks Gen
On 24/05/2019 16:00, Gen Zhang wrote: > On Fri, May 24, 2019 at 03:47:34PM +0100, Jon Hunter wrote: >> >> On 24/05/2019 15:33, Gen Zhang wrote: >>> On Fri, May 24, 2019 at 09:33:13AM +0100, Jon Hunter wrote: >>>> >>>> On 24/05/2019 01:50, Gen Zhang wrote: >>>>> In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by >>>>> platform_device_alloc(). When it is NULL, function returns ENOMEM. >>>>> However, 'machine' is allocated by devm_kzalloc() before this site. >>>>> Thus we should free 'machine' before function ends to prevent memory >>>>> leaking. >>>> >>>> Memory allocated by devm_xxx() is automatically freed on failure so this >>>> is not correct. >>> Thanks for your comments, Jon. But after I examined the code, I am still >>> confused about the usage of devm_kmalloc(). You can kindly refer to >>> hisi_sas_debugfs_init() in drivers/scsi/hisi_sas/hisi_sas_main.c. And >>> devm_kfree() is used to free a memory allocated by devm_kmalloc(). And >>> I found other situations similar to this in other files. >>> >>> So, I hope you can give me some guidance on this. Thanks! >> >> Please refer to the devres documentation [0]. >> >> Cheers, >> Jon >> >> [0] https://www.kernel.org/doc/Documentation/driver-model/devres.txt >> >> -- >> nvpublic > Thanks for your reply. I figured out that devm_kmalloc will free the > memory no matter fail or not. But I still want to ask why other codes > as I above mentioned use devm_kfree() to free memory allocated by > devm_kmalloc(). If the memory is automatically freed, is this > devm_kfee() redundant codes that should be removed? Am I > misunderstanding this again or it is something else? There could well be cases where you need to explicitly call devm_kfree(), but having a quick glance at the example above, I don't see why you would call devm_kfree() here and yes looks like that code could be simplified significantly. Notice that hisi_sas_debugfs_exit() does not free any memory as it is not necessary to explicitly do so. Cheers Jon
On Fri, May 24, 2019 at 04:36:54PM +0100, Jon Hunter wrote: > There could well be cases where you need to explicitly call > devm_kfree(), but having a quick glance at the example above, I don't > see why you would call devm_kfree() here and yes looks like that code > could be simplified significantly. Notice that hisi_sas_debugfs_exit() > does not free any memory as it is not necessary to explicitly do so. > > Cheers > Jon > > -- > nvpublic Thanks for your suggestions, Jon! I think I need to e-mail to those maintainers about this issue. Thanks Gen
diff --git a/sound/soc/tegra/tegra_wm9712.c b/sound/soc/tegra/tegra_wm9712.c index 864a334..295c41d 100644 --- a/sound/soc/tegra/tegra_wm9712.c +++ b/sound/soc/tegra/tegra_wm9712.c @@ -86,7 +86,8 @@ static int tegra_wm9712_driver_probe(struct platform_device *pdev) machine->codec = platform_device_alloc("wm9712-codec", -1); if (!machine->codec) { dev_err(&pdev->dev, "Can't allocate wm9712 platform device\n"); - return -ENOMEM; + ret = -ENOMEM; + goto codec_free; } ret = platform_device_add(machine->codec); @@ -127,6 +128,10 @@ static int tegra_wm9712_driver_probe(struct platform_device *pdev) goto asoc_utils_fini; } + tegra_asoc_utils_fini(&machine->util_data); + platform_device_del(machine->codec); + platform_device_put(machine->codec); + devm_kfree(&pdev->dev, machine); return 0; asoc_utils_fini: @@ -135,6 +140,8 @@ static int tegra_wm9712_driver_probe(struct platform_device *pdev) platform_device_del(machine->codec); codec_put: platform_device_put(machine->codec); +codec_free: + devm_kfree(&pdev->dev, machine); return ret; }
In tegra_wm9712_driver_probe(), 'machine->codec' is allocated by platform_device_alloc(). When it is NULL, function returns ENOMEM. However, 'machine' is allocated by devm_kzalloc() before this site. Thus we should free 'machine' before function ends to prevent memory leaking. Further, we should free 'machine->util_data', 'machine->codec' and 'machine' before this function normally ends to prevent memory leaking. Signed-off-by: Gen Zhang <blackgod016574@gmail.com> --- ---