| Message ID | 20221020034548.2391293-1-yangyingliang@huawei.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | ASoC: Intel: Skylake: fix possible memory leak in skl_codec_device_init() | expand |
On 2022-10-20 5:45 AM, Yang Yingliang wrote: > If snd_hdac_device_register() fails, 'codec' is leaked, free it > in snd_hdac_device_exit(). And device_initialize() is called in > snd_hdac_device_init(), it should call put_device() to give up > reference or the name allocated in dev_set_name() is leaked. > The snd_hdac_device_exit() will be called in dev->release(). > > Fixes: e4746d94d00c ("ASoC: Intel: Skylake: Introduce HDA codec init and exit routines") > Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> > --- > sound/soc/intel/skylake/skl.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/sound/soc/intel/skylake/skl.c b/sound/soc/intel/skylake/skl.c > index bbba2df33aaf..f0048e3fa619 100644 > --- a/sound/soc/intel/skylake/skl.c > +++ b/sound/soc/intel/skylake/skl.c > @@ -691,7 +691,11 @@ static void load_codec_module(struct hda_codec *codec) > > static void skl_codec_device_exit(struct device *dev) > { > - snd_hdac_device_exit(dev_to_hdac_dev(dev)); > + struct hdac_device *hdac_dev = dev_to_hdac_dev(dev); > + struct hda_codec *codec = container_of(hdac_dev, struct hda_codec, core); > + > + snd_hdac_device_exit(hdac_dev); > + kfree(codec); > } > > static struct hda_codec *skl_codec_device_init(struct hdac_bus *bus, int addr) > @@ -711,7 +715,7 @@ static struct hda_codec *skl_codec_device_init(struct hdac_bus *bus, int addr) > ret = snd_hdac_device_register(&codec->core); > if (ret) { > dev_err(bus->dev, "failed to register hdac device\n"); > - snd_hdac_device_exit(&codec->core); > + put_device(&codec->core.dev); > return ERR_PTR(ret); > } > Hello, That's a tricky one. And that's because the code added in commit [1] which you're fixing here, basically mimics the original code that has been removed later on in the series of mine [2]. The key part is: function snd_hda_codec_device_init() replaced snd_hdac_device_init(). I believe the former may generate codec-leak in situations you speak of. Now, on to the fix. My suggestion is to start with removing the following line: codec->core.dev.release = skl_codec_device_exit; and skl_codec_device_exit() function itself. Let's leave the default as is and see if the leak still occurs. [1]: https://lore.kernel.org/alsa-devel/20220816111727.3218543-2-cezary.rojewski@intel.com/ [2]: https://lore.kernel.org/alsa-devel/20220816111727.3218543-6-cezary.rojewski@intel.com/ Regards, Czarek
Hi, On 2022/10/20 16:39, Cezary Rojewski wrote: > On 2022-10-20 5:45 AM, Yang Yingliang wrote: >> If snd_hdac_device_register() fails, 'codec' is leaked, free it >> in snd_hdac_device_exit(). And device_initialize() is called in >> snd_hdac_device_init(), it should call put_device() to give up >> reference or the name allocated in dev_set_name() is leaked. >> The snd_hdac_device_exit() will be called in dev->release(). >> >> Fixes: e4746d94d00c ("ASoC: Intel: Skylake: Introduce HDA codec init >> and exit routines") >> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> >> --- >> sound/soc/intel/skylake/skl.c | 8 ++++++-- >> 1 file changed, 6 insertions(+), 2 deletions(-) >> >> diff --git a/sound/soc/intel/skylake/skl.c >> b/sound/soc/intel/skylake/skl.c >> index bbba2df33aaf..f0048e3fa619 100644 >> --- a/sound/soc/intel/skylake/skl.c >> +++ b/sound/soc/intel/skylake/skl.c >> @@ -691,7 +691,11 @@ static void load_codec_module(struct hda_codec >> *codec) >> static void skl_codec_device_exit(struct device *dev) >> { >> - snd_hdac_device_exit(dev_to_hdac_dev(dev)); >> + struct hdac_device *hdac_dev = dev_to_hdac_dev(dev); >> + struct hda_codec *codec = container_of(hdac_dev, struct >> hda_codec, core); >> + >> + snd_hdac_device_exit(hdac_dev); >> + kfree(codec); >> } >> static struct hda_codec *skl_codec_device_init(struct hdac_bus >> *bus, int addr) >> @@ -711,7 +715,7 @@ static struct hda_codec >> *skl_codec_device_init(struct hdac_bus *bus, int addr) >> ret = snd_hdac_device_register(&codec->core); >> if (ret) { >> dev_err(bus->dev, "failed to register hdac device\n"); >> - snd_hdac_device_exit(&codec->core); >> + put_device(&codec->core.dev); >> return ERR_PTR(ret); >> } > > Hello, > > That's a tricky one. And that's because the code added in commit [1] > which you're fixing here, basically mimics the original code that has > been removed later on in the series of mine [2]. > > The key part is: function snd_hda_codec_device_init() replaced > snd_hdac_device_init(). I believe the former may generate codec-leak > in situations you speak of. Yes, after using snd_hda_codec_device_init(), 'codec' is leaked. And there is another leak, the name allocated in dev_set_name() called in snd_hdac_device_init() is always leaked if snd_hdac_device_register() fails in snd_hdac_ext_bus_device_init() which is introduced by comit dfe66a18780d ("ALSA: hdac_ext: add extended HDA bus"). > > Now, on to the fix. My suggestion is to start with removing the > following line: > codec->core.dev.release = skl_codec_device_exit; > > and skl_codec_device_exit() function itself. Let's leave the default > as is and see if the leak still occurs. OK, I will send a v2. Thanks, Yang > > > [1]: > https://lore.kernel.org/alsa-devel/20220816111727.3218543-2-cezary.rojewski@intel.com/ > [2]: > https://lore.kernel.org/alsa-devel/20220816111727.3218543-6-cezary.rojewski@intel.com/ > > > Regards, > Czarek > .
diff --git a/sound/soc/intel/skylake/skl.c b/sound/soc/intel/skylake/skl.c index bbba2df33aaf..f0048e3fa619 100644 --- a/sound/soc/intel/skylake/skl.c +++ b/sound/soc/intel/skylake/skl.c @@ -691,7 +691,11 @@ static void load_codec_module(struct hda_codec *codec) static void skl_codec_device_exit(struct device *dev) { - snd_hdac_device_exit(dev_to_hdac_dev(dev)); + struct hdac_device *hdac_dev = dev_to_hdac_dev(dev); + struct hda_codec *codec = container_of(hdac_dev, struct hda_codec, core); + + snd_hdac_device_exit(hdac_dev); + kfree(codec); } static struct hda_codec *skl_codec_device_init(struct hdac_bus *bus, int addr) @@ -711,7 +715,7 @@ static struct hda_codec *skl_codec_device_init(struct hdac_bus *bus, int addr) ret = snd_hdac_device_register(&codec->core); if (ret) { dev_err(bus->dev, "failed to register hdac device\n"); - snd_hdac_device_exit(&codec->core); + put_device(&codec->core.dev); return ERR_PTR(ret); }
If snd_hdac_device_register() fails, 'codec' is leaked, free it in snd_hdac_device_exit(). And device_initialize() is called in snd_hdac_device_init(), it should call put_device() to give up reference or the name allocated in dev_set_name() is leaked. The snd_hdac_device_exit() will be called in dev->release(). Fixes: e4746d94d00c ("ASoC: Intel: Skylake: Introduce HDA codec init and exit routines") Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- sound/soc/intel/skylake/skl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)