diff mbox series

/drivers/powercap/dtpm_cpu.c: fix policy reference leak in cpuhp_dtpm_cpu_online()

Message ID 20211124152553.3407-1-Wentao_Liang_g@163.com (mailing list archive)
State New, archived
Delegated to: Daniel Lezcano
Headers show
Series /drivers/powercap/dtpm_cpu.c: fix policy reference leak in cpuhp_dtpm_cpu_online() | expand

Commit Message

Wentao_Liang Nov. 24, 2021, 3:25 p.m. UTC 
In line 186(#1), 'policy = cpufreq_cpu_get(cpu)' will increase the kobject
reference counter of the policy. The policy has to be released with the
help of 'cpufreq_cpu_put()' to balance its kobject reference counter
properly. However, the function returns without dropping the reference
(#2,#3,#4,#5 and #6). It may result in a reference leak bug.

It can be fixed by calling the function 'cpufreq_cpu_put()' before the
function returns.

178 static int cpuhp_dtpm_cpu_online(unsigned int cpu)
179 {
...
186         policy = cpufreq_cpu_get(cpu);
	      //#1 reference increase
...
191         if (!pd)
192                 return -EINVAL;
	      //#2 function returns without decrementing reference counter
193
194         dtpm_cpu = per_cpu(dtpm_per_cpu, cpu);
195         if (dtpm_cpu)
196                 return dtpm_update_power(&dtpm_cpu->dtpm);
	      //#3 function returns without decrementing reference counter
197
198         dtpm_cpu = kzalloc(sizeof(*dtpm_cpu), GFP_KERNEL);
199         if (!dtpm_cpu)
200                 return -ENOMEM;
	      //#4 function returns without decrementing reference counter
...
220         return 0;
	      //#5 function returns without decrementing reference counter
...
226 out_kfree_dtpm_cpu:
...
231         return ret;
	      //#6 function returns without decrementing reference counter
232 }

Signed-off-by: Wentao_Liang <Wentao_Liang_g@163.com>
---
 drivers/powercap/dtpm_cpu.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/drivers/powercap/dtpm_cpu.c b/drivers/powercap/dtpm_cpu.c
index 51c366938acd..9330cfb31a62 100644
--- a/drivers/powercap/dtpm_cpu.c
+++ b/drivers/powercap/dtpm_cpu.c
@@ -189,16 +189,22 @@  static int cpuhp_dtpm_cpu_online(unsigned int cpu)
 		return 0;
 
 	pd = em_cpu_get(cpu);
-	if (!pd)
+	if (!pd) {
+		cpufreq_cpu_put(policy);
 		return -EINVAL;
+	}
 
 	dtpm = per_cpu(dtpm_per_cpu, cpu);
-	if (dtpm)
+	if (dtpm) {
+		cpufreq_cpu_put(policy);
 		return power_add(dtpm, pd);
+	}
 
 	dtpm = dtpm_alloc(&dtpm_ops);
-	if (!dtpm)
+	if (!dtpm) {
+		cpufreq_cpu_put(policy);
 		return -EINVAL;
+	}
 
 	dtpm_cpu = kzalloc(sizeof(*dtpm_cpu), GFP_KERNEL);
 	if (!dtpm_cpu)
@@ -226,6 +232,7 @@  static int cpuhp_dtpm_cpu_online(unsigned int cpu)
 	if (ret)
 		goto out_power_sub;
 
+	cpufreq_cpu_put(policy);
 	return 0;
 
 out_power_sub:
@@ -243,6 +250,7 @@  static int cpuhp_dtpm_cpu_online(unsigned int cpu)
 
 out_kfree_dtpm:
 	kfree(dtpm);
+	cpufreq_cpu_put(policy);
 	return ret;
 }