Re: [PATCH] fix memory leak in ramoops_init

From: Andrew Morton
Date: Fri Sep 28 2018 - 17:26:36 EST


On Mon, 17 Sep 2018 17:15:31 +0800 nixiaoming <nixiaoming@xxxxxxxxxx> wrote:

> 1, memory leak in ramoops_register_dummy.
> dummy_data = kzalloc(sizeof(*dummy_data), GFP_KERNEL);
> but no free when platform_device_register_data return fail
>
> 2, if kzalloc(sizeof(*dummy_data), GFP_KERNEL) return NULL,
> but platform_driver_register(&ramoops_driver) return 0
> kfree(NULL) in ramoops_exit
> so, add return val for ramoops_register_dummy, and check it in ramoops_init
>
> 3, memory leak in ramoops_init.
> miss platform_device_unregister(dummy) and kfree(dummy_data)
> when platform_driver_register(&ramoops_driver) return fail

Looks right.

It's unclear (to me) who maintains fs/pstore/ram.c. Let's add some
Cc's and see if we can catch a reviewed-by.


From: nixiaoming <nixiaoming@xxxxxxxxxx>
Subject: fs/pstore/ram.c: fix memory leak in ramoops_init()

1, memory leak in ramoops_register_dummy.
dummy_data = kzalloc(sizeof(*dummy_data), GFP_KERNEL);
but no free when platform_device_register_data return fail

2, if kzalloc(sizeof(*dummy_data), GFP_KERNEL) return NULL,
but platform_driver_register(&ramoops_driver) return 0
kfree(NULL) in ramoops_exit
so, add return val for ramoops_register_dummy, and check it in ramoops_init

3, memory leak in ramoops_init.
miss platform_device_unregister(dummy) and kfree(dummy_data)
when platform_driver_register(&ramoops_driver) return fail

Link: http://lkml.kernel.org/r/20180917091531.21356-1-nixiaoming@xxxxxxxxxx
Signed-off-by: nixiaoming <nixiaoming@xxxxxxxxxx>
Cc: Jan Kara <jack@xxxxxxx>
Cc: Amir Goldstein <amir73il@xxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Joel Fernandes <joelaf@xxxxxxxxxx>
Cc: Geliang Tang <geliangtang@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

fs/pstore/ram.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)

--- a/fs/pstore/ram.c~fix-memory-leak-in-ramoops_init
+++ a/fs/pstore/ram.c
@@ -898,17 +898,17 @@ static struct platform_driver ramoops_dr
},
};

-static void ramoops_register_dummy(void)
+static int ramoops_register_dummy(void)
{
if (!mem_size)
- return;
+ return -EINVAL;

pr_info("using module parameters\n");

dummy_data = kzalloc(sizeof(*dummy_data), GFP_KERNEL);
if (!dummy_data) {
pr_info("could not allocate pdata\n");
- return;
+ return -ENOMEM;
}

dummy_data->mem_size = mem_size;
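Review bot: Returning -EINVAL from the !mem_size check at the top of ramoops_register_dummy changes behaviour beyond the leak fix. Before this patch an unset mem_size just skipped the dummy device and ramoops_init still went on to call platform_driver_register(&ramoops_driver). With the new "if (ret != 0) return ret;" in ramoops_init, a zero mem_size now makes init fail before the driver is registered at all, so a ramoops device that does not come from the module parameters would never get a driver to bind to. Suggest returning 0 in the !mem_size case (no dummy requested is not an error) and keeping -ENOMEM for the kzalloc failure. Also worth switching the "could not allocate pdata" message from pr_info to pr_err now that the condition is reported as a failure.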
@@ -932,13 +932,25 @@ static void ramoops_register_dummy(void)
if (IS_ERR(dummy)) {
pr_info("could not create platform device: %ld\n",
PTR_ERR(dummy));
+ kfree(dummy_data);
+ return PTR_ERR(dummy);
}
+ return 0;
}

static int __init ramoops_init(void)
{
- ramoops_register_dummy();
- return platform_driver_register(&ramoops_driver);
+ int ret = ramoops_register_dummy();
+
+ if (ret != 0)
+ return ret;
+
+ ret = platform_driver_register(&ramoops_driver);
+ if (ret != 0) {
+ platform_device_unregister(dummy);
+ kfree(dummy_data);
+ }
+ return ret;
}
late_initcall(ramoops_init);

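Review bot: The new failure path in ramoops_init open-codes platform_device_unregister(dummy) followed by kfree(dummy_data), and neither here nor in the IS_ERR(dummy) branch are the file-scope pointers cleared, so dummy_data is left dangling and dummy can be left holding an error pointer. The commit message notes that ramoops_exit also frees dummy_data, so a small helper that unregisters the device, frees dummy_data and sets both pointers to NULL, called from all three places, would keep the teardown paths consistent and make a later double free harder to introduce. Minor style point: "if (ret)" is the usual form rather than "if (ret != 0)", and the declaration "int ret = ramoops_register_dummy();" reads more clearly split into a declaration and a separate call.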
_