Re: [PATCH] remoteproc: Fix a memory leak in an error handling path in 'rproc_handle_vdev()'

From: Mathieu Poirier
Date: Thu Sep 09 2021 - 14:02:06 EST


On Sat, Sep 04, 2021 at 01:37:32PM +0200, Christophe JAILLET wrote:
> If 'copy_dma_range_map() fails, the memory allocated for 'rvdev' will leak.
> Move the 'copy_dma_range_map()' call after the device registration so
> that 'rproc_rvdev_release()' can be called to free some resources.
>
> Also, branch to the error handling path if 'copy_dma_range_map()' instead
> of a direct return to avoid some other leaks.
>
> Fixes: e0d072782c73 ("dma-mapping: introduce DMA range map, supplanting dma_pfn_offset")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
> ---
> Compile tested only.
> Review with care. I don't like to move code around because of possible
> side-effect.
> ---
> drivers/remoteproc/remoteproc_core.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c
> index 502b6604b757..775df165eb45 100644
> --- a/drivers/remoteproc/remoteproc_core.c
> +++ b/drivers/remoteproc/remoteproc_core.c
> @@ -556,9 +556,6 @@ static int rproc_handle_vdev(struct rproc *rproc, void *ptr,
> /* Initialise vdev subdevice */
> snprintf(name, sizeof(name), "vdev%dbuffer", rvdev->index);
> rvdev->dev.parent = &rproc->dev;
> - ret = copy_dma_range_map(&rvdev->dev, rproc->dev.parent);
> - if (ret)
> - return ret;
> rvdev->dev.release = rproc_rvdev_release;
> dev_set_name(&rvdev->dev, "%s#%s", dev_name(rvdev->dev.parent), name);
> dev_set_drvdata(&rvdev->dev, rvdev);
> @@ -568,6 +565,11 @@ static int rproc_handle_vdev(struct rproc *rproc, void *ptr,
> put_device(&rvdev->dev);
> return ret;
> }
> +
> + ret = copy_dma_range_map(&rvdev->dev, rproc->dev.parent);
> + if (ret)
> + goto free_rvdev;
> +

Good catch.

Reviewed-by: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>

> /* Make device dma capable by inheriting from parent's capabilities */
> set_dma_ops(&rvdev->dev, get_dma_ops(rproc->dev.parent));
>
> --
> 2.30.2
>