Re: [PATCH] PM / devfreq: fix mem leak and missing check of return value in devfreq_add_device()
From: Chanwoo Choi
Date: Sat Jan 19 2019 - 07:27:55 EST
Hi Yangtao,
2019ë 1ì 19ì (í) ìí 2:03, Yangtao Li <tiny.windzz@xxxxxxxxx>ëì ìì:
>
> 'devfreq' is malloced in devfreq_add_device() and should be freed in
> the error handling cases, otherwise it will cause memory leak.
>
> devm_kzalloc() could fail, so insert a check of its return value. And
> if it fails, returns -ENOMEM.
>
> Signed-off-by: Yangtao Li <tiny.windzz@xxxxxxxxx>
> ---
> drivers/devfreq/devfreq.c | 33 ++++++++++++++++++++++-----------
> 1 file changed, 22 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
> index 0ae3de76833b..fe6c157cb7e0 100644
> --- a/drivers/devfreq/devfreq.c
> +++ b/drivers/devfreq/devfreq.c
> @@ -651,7 +651,7 @@ struct devfreq *devfreq_add_device(struct device *dev,
> mutex_unlock(&devfreq->lock);
> err = set_freq_table(devfreq);
> if (err < 0)
> - goto err_out;
> + goto err_dev;
> mutex_lock(&devfreq->lock);
> }
>
> @@ -683,16 +683,27 @@ struct devfreq *devfreq_add_device(struct device *dev,
> goto err_out;
> }
>
> - devfreq->trans_table =
> - devm_kzalloc(&devfreq->dev,
> - array3_size(sizeof(unsigned int),
> - devfreq->profile->max_state,
> - devfreq->profile->max_state),
> - GFP_KERNEL);
> + devfreq->trans_table = devm_kzalloc(&devfreq->dev,
> + array3_size(sizeof(unsigned int),
> + devfreq->profile->max_state,
> + devfreq->profile->max_state),
> + GFP_KERNEL);
The above 10 ten lines are not related to the memory leak for this
patch. If you want to fix the indentation, you have to make it
separately.
> + if (!devfreq->trans_table) {
> + mutex_unlock(&devfreq->lock);
> + err = -ENOMEM;
> + goto err_devfreq;
> + }
> +
> devfreq->time_in_state = devm_kcalloc(&devfreq->dev,
> - devfreq->profile->max_state,
> - sizeof(unsigned long),
> - GFP_KERNEL);
> + devfreq->profile->max_state,
> + sizeof(unsigned long),
> + GFP_KERNEL);
ditto. The above 6 ten lines are not related to the memory leak for
this patch. If you want to fix the indentation, you have to make it
separately.
> + if (!devfreq->time_in_state) {
> + mutex_unlock(&devfreq->lock);
> + err = -ENOMEM;
> + goto err_devfreq;
> + }
> +
> devfreq->last_stat_updated = jiffies;
>
> srcu_init_notifier_head(&devfreq->transition_notifier_list);
> @@ -726,7 +737,7 @@ struct devfreq *devfreq_add_device(struct device *dev,
>
> err_init:
> mutex_unlock(&devfreq_list_lock);
> -
> +err_devfreq:
> devfreq_remove_device(devfreq);
> devfreq = NULL;
> err_dev:
Also, you better to add following codes to free the memory of
'devfreq->trans_table' and 'devfreq->time_in_state' because this patch
handles the memory leak of 'trans_table' and 'time_in_state'
variables.
diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
index 0ae3de7..945f5f1 100644
--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
@@ -593,6 +593,9 @@ static void devfreq_dev_release(struct device *dev)
devfreq->profile->exit(devfreq->dev.parent);
mutex_destroy(&devfreq->lock);
+ kfree(devfreq->trans_table);
+ kfree(devfreq->time_in_state);
kfree(devfreq);
}
--
Best Regards,
Chanwoo Choi
Samsung Electronics