Re: [PATCH v2] thunderbolt: Fix to check return value of ida_simple_get

From: Mukesh Ojha
Date: Fri Mar 22 2019 - 03:32:01 EST

Next message: Michal Kubecek: "Re: New ethtool sub-feature and ethtool-netlink"
Previous message: Abhishek Goel: "[PATCH 2/2] cpuidle : Add auto-promotion flag to cpuidle flags"
In reply to: Mika Westerberg: "Re: [PATCH v2] thunderbolt: Fix to check return value of ida_simple_get"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/21/2019 11:19 AM, Mika Westerberg wrote:

On Thu, Mar 21, 2019 at 02:09:41AM +0530, Mukesh Ojha wrote:

On 3/20/2019 9:59 PM, Mika Westerberg wrote:

On Wed, Mar 20, 2019 at 11:24:45AM -0500, Aditya Pakki wrote:

In enumerate_services, ida_simple_get on failure can return an error and
leaks memory during device_register failure. The patch ensures that
the dev_set_name is set on non failure cases, and releases memory in
case of failure.

Signed-off-by: Aditya Pakki <pakki001@xxxxxxx>

---
v1: Missed cleanup of svc in case of allocation failure and
device_register failure.
---
drivers/thunderbolt/xdomain.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/thunderbolt/xdomain.c b/drivers/thunderbolt/xdomain.c
index e27dd8beb94b..eb08275185bf 100644
--- a/drivers/thunderbolt/xdomain.c
+++ b/drivers/thunderbolt/xdomain.c
@@ -740,6 +740,7 @@ static void enumerate_services(struct tb_xdomain *xd)
struct tb_service *svc;
struct tb_property *p;
struct device *dev;
+ int id;
/*
* First remove all services that are not available anymore in
@@ -768,7 +769,12 @@ static void enumerate_services(struct tb_xdomain *xd)
break;
}
- svc->id = ida_simple_get(&xd->service_ids, 0, 0, GFP_KERNEL);
+ id = ida_simple_get(&xd->service_ids, 0, 0, GFP_KERNEL);
+ if (id < 0) {
+ kfree(svc);
+ break;
+ }
+ svc->id = id;
svc->dev.bus = &tb_bus_type;
svc->dev.type = &tb_service_type;
svc->dev.parent = &xd->dev;
@@ -776,6 +782,7 @@ static void enumerate_services(struct tb_xdomain *xd)
if (device_register(&svc->dev)) {
put_device(&svc->dev);
+ kfree(svc);

You can't do this after device_register() is called. The put_device()
above is sufficient.

IfÂ device_register fails, how would svc gets freed? we needÂ to kfree svc
here as well.

Please read the comment on top of device_register(). It should explain.

So no kfree here.

Thanks for pointer Mika.

Overlooked the fact that dev is a data member of svc not a pointer, also noticed there are many places in tree where , it is not
followed.

Thanks,
Mukesh

Next message: Michal Kubecek: "Re: New ethtool sub-feature and ethtool-netlink"
Previous message: Abhishek Goel: "[PATCH 2/2] cpuidle : Add auto-promotion flag to cpuidle flags"
In reply to: Mika Westerberg: "Re: [PATCH v2] thunderbolt: Fix to check return value of ida_simple_get"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]