| Message ID | 1490539314-9681-2-git-send-email-leo.yan@linaro.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Sun, Mar 26, 2017 at 10:41:50PM +0800, Leo Yan wrote: > Convert driver to use devm_*() APIs so rely on driver model core layer > to manage resources. This eliminates error path boilerplate and makes > code neat. > > This patch also fixes the memory leakage for 'kmi->io' when remove > module. No, it is not leaked, in fact, your patch introduces a use-after-free bug. kmi->io is of type "struct serio", and this structure has an embedded "struct device". The lifetime of any structure containing a "struct device" is controlled by the lifetime of the struct device. Once serio_register_port() has been called on it, it is up to the serio layer to free this structure. Therefore, your patch creates a bug, and so it gets a NAK. There is no resource leakage here.
On Sun, Mar 26, 2017 at 03:50:24PM +0100, Russell King - ARM Linux wrote: > On Sun, Mar 26, 2017 at 10:41:50PM +0800, Leo Yan wrote: > > Convert driver to use devm_*() APIs so rely on driver model core layer > > to manage resources. This eliminates error path boilerplate and makes > > code neat. > > > > This patch also fixes the memory leakage for 'kmi->io' when remove > > module. > > No, it is not leaked, in fact, your patch introduces a use-after-free > bug. > > kmi->io is of type "struct serio", and this structure has an embedded > "struct device". The lifetime of any structure containing a "struct > device" is controlled by the lifetime of the struct device. > > Once serio_register_port() has been called on it, it is up to the > serio layer to free this structure. > > Therefore, your patch creates a bug, and so it gets a NAK. There is no > resource leakage here. Thanks for reviewing. Now I understood and please ignore this patch and patch 0005. Thanks, Leo Yan -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/input/serio/ambakmi.c b/drivers/input/serio/ambakmi.c index c6606ca..d4814be 100644 --- a/drivers/input/serio/ambakmi.c +++ b/drivers/input/serio/ambakmi.c @@ -112,19 +112,11 @@ static int amba_kmi_probe(struct amba_device *dev, { struct amba_kmi_port *kmi; struct serio *io; - int ret; - - ret = amba_request_regions(dev, NULL); - if (ret) - return ret; - - kmi = kzalloc(sizeof(struct amba_kmi_port), GFP_KERNEL); - io = kzalloc(sizeof(struct serio), GFP_KERNEL); - if (!kmi || !io) { - ret = -ENOMEM; - goto out; - } + kmi = devm_kzalloc(&dev->dev, sizeof(*kmi), GFP_KERNEL); + io = devm_kzalloc(&dev->dev, sizeof(*io), GFP_KERNEL); + if (!kmi || !io) + return -ENOMEM; io->id.type = SERIO_8042; io->write = amba_kmi_write; @@ -136,31 +128,19 @@ static int amba_kmi_probe(struct amba_device *dev, io->dev.parent = &dev->dev; kmi->io = io; - kmi->base = ioremap(dev->res.start, resource_size(&dev->res)); - if (!kmi->base) { - ret = -ENOMEM; - goto out; - } + kmi->base = devm_ioremap_resource(&dev->dev, &dev->res); + if (IS_ERR(kmi->base)) + return PTR_ERR(kmi->base); - kmi->clk = clk_get(&dev->dev, "KMIREFCLK"); - if (IS_ERR(kmi->clk)) { - ret = PTR_ERR(kmi->clk); - goto unmap; - } + kmi->clk = devm_clk_get(&dev->dev, "KMIREFCLK"); + if (IS_ERR(kmi->clk)) + return PTR_ERR(kmi->clk); kmi->irq = dev->irq[0]; amba_set_drvdata(dev, kmi); serio_register_port(kmi->io); return 0; - - unmap: - iounmap(kmi->base); - out: - kfree(kmi); - kfree(io); - amba_release_regions(dev); - return ret; } static int amba_kmi_remove(struct amba_device *dev) @@ -168,10 +148,6 @@ static int amba_kmi_remove(struct amba_device *dev) struct amba_kmi_port *kmi = amba_get_drvdata(dev); serio_unregister_port(kmi->io); - clk_put(kmi->clk); - iounmap(kmi->base); - kfree(kmi); - amba_release_regions(dev); return 0; }
Convert driver to use devm_*() APIs so rely on driver model core layer to manage resources. This eliminates error path boilerplate and makes code neat. This patch also fixes the memory leakage for 'kmi->io' when remove module. Signed-off-by: Leo Yan <leo.yan@linaro.org> --- drivers/input/serio/ambakmi.c | 44 ++++++++++--------------------------------- 1 file changed, 10 insertions(+), 34 deletions(-)