[mkp-scsi:for-next 276/292] drivers/scsi/ufs/ufshcd.c:7965 ufshcd_request_sense_async() warn: possible memory leak of 'buffer'

From: Dan Carpenter
Date: Tue Aug 24 2021 - 05:58:36 EST


tree: https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next
head: d09224115cf67bdce4eef2ca3533f86ab1ea1942
commit: c6b2e1373c89c4ecf2b379720b3eb24cf99844f4 [276/292] scsi: ufs: Fix ufshcd_request_sense_async() for Samsung KLUFG8RHDA-B2D1
config: i386-randconfig-m021-20210824 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

New smatch warnings:
drivers/scsi/ufs/ufshcd.c:7965 ufshcd_request_sense_async() warn: possible memory leak of 'buffer'

Old smatch warnings:
drivers/scsi/ufs/ufshcd.c:5254 ufshcd_uic_cmd_compl() error: we previously assumed 'hba->active_uic_cmd' could be null (see line 5242)

vim +/buffer +7965 drivers/scsi/ufs/ufshcd.c

4f3e900b628226 Jaegeuk Kim 2020-11-17 7945 static int
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7946 ufshcd_request_sense_async(struct ufs_hba *hba, struct scsi_device *sdev)
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7947 {
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7948 /*
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7949 * Some UFS devices clear unit attention condition only if the sense
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7950 * size used (UFS_SENSE_SIZE in this case) is non-zero.
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7951 */
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7952 static const u8 cmd[6] = {REQUEST_SENSE, 0, 0, 0, UFS_SENSE_SIZE, 0};
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7953 struct scsi_request *rq;
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7954 struct request *req;
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7955 char *buffer;
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7956 int ret;
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7957
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7958 buffer = kzalloc(UFS_SENSE_SIZE, GFP_KERNEL);
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7959 if (!buffer)
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7960 return -ENOMEM;
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7961
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7962 req = blk_get_request(sdev->request_queue, REQ_OP_DRV_IN,
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7963 /*flags=*/BLK_MQ_REQ_PM);
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7964 if (IS_ERR(req))
ac1bc2ba060f96 Bart Van Assche 2021-07-21 @7965 return PTR_ERR(req);

kfree(buffer);

ac1bc2ba060f96 Bart Van Assche 2021-07-21 7966
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7967 ret = blk_rq_map_kern(sdev->request_queue, req,
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7968 buffer, UFS_SENSE_SIZE, GFP_NOIO);
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7969 if (ret) {
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7970 blk_put_request(req);
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7971 kfree(buffer);
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7972 return ret;
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7973 }
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7974
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7975 rq = scsi_req(req);
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7976 rq->cmd_len = ARRAY_SIZE(cmd);
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7977 memcpy(rq->cmd, cmd, rq->cmd_len);
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7978 rq->retries = 3;
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7979 req->timeout = 1 * HZ;
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7980 req->rq_flags |= RQF_PM | RQF_QUIET;
c6b2e1373c89c4 Adrian Hunter 2021-08-23 7981 req->end_io_data = buffer;
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7982
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7983 blk_execute_rq_nowait(/*bd_disk=*/NULL, req, /*at_head=*/true,
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7984 ufshcd_request_sense_done);
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7985 return 0;
ac1bc2ba060f96 Bart Van Assche 2021-07-21 7986 }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx