Re: [PATCH] staging: vme: fix memory leak in vme_user_probe()

From: Aaron Sierra
Date: Wed Mar 26 2014 - 14:52:27 EST


----- Original Message -----
> From: "Daeseok Youn" <daeseok.youn@xxxxxxxxx>
> Sent: Tuesday, March 25, 2014 10:01:48 PM
> Subject: [PATCH] staging: vme: fix memory leak in vme_user_probe()
>
>
> If vme_master_request() returns NULL when it failed,
> it need to free buffers for master.
>
> And also removes unreachable code in vme_user_probe().
>
> Signed-off-by: Daeseok Youn <daeseok.youn@xxxxxxxxx>
> ---
> drivers/staging/vme/devices/vme_user.c | 9 +++------
> 1 files changed, 3 insertions(+), 6 deletions(-)

Nice catches Daeseok. I don't maintain this driver, but I have some
suggestions below.

>
> diff --git a/drivers/staging/vme/devices/vme_user.c
> b/drivers/staging/vme/devices/vme_user.c
> index 7927927..ffb4eee 100644
> --- a/drivers/staging/vme/devices/vme_user.c
> +++ b/drivers/staging/vme/devices/vme_user.c
> @@ -776,7 +776,8 @@ static int vme_user_probe(struct vme_dev *vdev)
> image[i].kern_buf = kmalloc(image[i].size_buf, GFP_KERNEL);
> if (image[i].kern_buf == NULL) {
> err = -ENOMEM;
> - goto err_master_buf;
> + vme_master_free(image[i].resource);
> + goto err_master;
> }
> }

I think it would be nice to keep all of the cleanup under the err_master
label.

That could be done by changing the kern_buf allocation in this part to
a devm_kmalloc. Then devm handles the kern_buf freeing entirely.

>
> @@ -819,8 +820,6 @@ static int vme_user_probe(struct vme_dev *vdev)
>
> return 0;
>
> - /* Ensure counter set correcty to destroy all sysfs devices */
> - i = VME_DEVS;
> err_sysfs:
> while (i > 0) {
> i--;
> @@ -830,12 +829,10 @@ err_sysfs:
>
> /* Ensure counter set correcty to unalloc all master windows */
> i = MASTER_MAX + 1;
> -err_master_buf:
> - for (i = MASTER_MINOR; i < (MASTER_MAX + 1); i++)
> - kfree(image[i].kern_buf);
> err_master:
> while (i > MASTER_MINOR) {
> i--;
> + kfree(image[i].kern_buf);
> vme_master_free(image[i].resource);
> }

Using devm_kmalloc as mentioned above, the while loop could be
simplified to this:

err_master:
while (i >= MASTER_MINOR) {
vme_master_free(image[i].resource);
i--;
}

If not moving to devm, this should be safe even though the first
kern_buf may be NULL:

err_master:
while (i >= MASTER_MINOR) {
kfree(image[i].kern_buf);
vme_master_free(image[i].resource);
i--;
}

-Aaron

>
> --
> 1.7.4.4
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/