Re: [PATCH] staging: atomisp: fix memory leak in sh_css_load_firmware on error path

Next message: Barry Song: "Re: [PATCH 3/3] mm: optimize free_area_empty() check using per-migratetype counts"
Previous message: Jinjie Ruan: "[PATCH v12 09/15] arm64: kexec_file: Use crash_prepare_headers() helper to simplify code"
In reply to: Andy Shevchenko: "Re: [PATCH] staging: atomisp: fix memory leak in sh_css_load_firmware on error path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andy Shevchenko

Date: Thu Apr 02 2026 - 03:34:34 EST

On Thu, Apr 2, 2026 at 10:15 AM Andy Shevchenko
<andy.shevchenko@xxxxxxxxx> wrote:
> On Wed, Apr 1, 2026 at 8:02 PM Sairam Bandikanti
> <sairambandikanti@xxxxxxxxx> wrote:
> >
> > sh_css_load_firmware() allocates sh_css_blob_info and fw_minibuffer but
> > all error paths inside the firmware parsing loop use bare 'return'
> > statements, leaking both allocations. Additionally, when the
> > fw_minibuffer allocation itself fails, sh_css_blob_info is leaked.
> >
> > Replace all bare returns with goto to a common err_alloc cleanup label
> > that frees both allocations before returning.
>
> NAK.
>
> > Signed-off-by: Sairam Bandikanti <sairambandikanti@xxxxxxxxx>
> > Assisted-by: Claude <noreply@xxxxxxxxxxxxx>
>
> Please, use your skills to investigate what the code is doing and not
> blindly follow some stupid AI.

A bit of elaboration. There is indeed an issue with the memory
leaking, but taking into account how the code is organised the problem
lies in the error path of atomisp_pci_probe() to make sure the
ia_css_unload_firmware() is called even on the failed
atomisp_css_load_firmware() and in sh_css_load_firmware() to check
that sh_css_num_binaries is not 0.

It took 5 minutes of browsing code via
https://elixir.bootlin.com/linux/v7.0-rc6/source/...

--
With Best Regards,
Andy Shevchenko