[PATCH] /drivers/powercap/dtpm_cpu.c: fix policy reference leak in cpuhp_dtpm_cpu_online()

From: Wentao_Liang
Date: Wed Nov 24 2021 - 10:43:23 EST


In line 186(#1), 'policy = cpufreq_cpu_get(cpu)' will increase the kobject
reference counter of the policy. The policy has to be released with the
help of 'cpufreq_cpu_put()' to balance its kobject reference counter
properly. However, the function returns without dropping the reference
(#2,#3,#4,#5 and #6). It may result in a reference leak bug.

It can be fixed by calling the function 'cpufreq_cpu_put()' before the
function returns.

178 static int cpuhp_dtpm_cpu_online(unsigned int cpu)
179 {
...
186 policy = cpufreq_cpu_get(cpu);
//#1 reference increase
...
191 if (!pd)
192 return -EINVAL;
//#2 function returns without decrementing reference counter
193
194 dtpm_cpu = per_cpu(dtpm_per_cpu, cpu);
195 if (dtpm_cpu)
196 return dtpm_update_power(&dtpm_cpu->dtpm);
//#3 function returns without decrementing reference counter
197
198 dtpm_cpu = kzalloc(sizeof(*dtpm_cpu), GFP_KERNEL);
199 if (!dtpm_cpu)
200 return -ENOMEM;
//#4 function returns without decrementing reference counter
...
220 return 0;
//#5 function returns without decrementing reference counter
...
226 out_kfree_dtpm_cpu:
...
231 return ret;
//#6 function returns without decrementing reference counter
232 }

Signed-off-by: Wentao_Liang <Wentao_Liang_g@xxxxxxx>
---
drivers/powercap/dtpm_cpu.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/drivers/powercap/dtpm_cpu.c b/drivers/powercap/dtpm_cpu.c
index 51c366938acd..9330cfb31a62 100644
--- a/drivers/powercap/dtpm_cpu.c
+++ b/drivers/powercap/dtpm_cpu.c
@@ -189,16 +189,22 @@ static int cpuhp_dtpm_cpu_online(unsigned int cpu)
return 0;

pd = em_cpu_get(cpu);
- if (!pd)
+ if (!pd) {
+ cpufreq_cpu_put(policy);
return -EINVAL;
+ }

dtpm = per_cpu(dtpm_per_cpu, cpu);
- if (dtpm)
+ if (dtpm) {
+ cpufreq_cpu_put(policy);
return power_add(dtpm, pd);
+ }

dtpm = dtpm_alloc(&dtpm_ops);
- if (!dtpm)
+ if (!dtpm) {
+ cpufreq_cpu_put(policy);
return -EINVAL;
+ }

dtpm_cpu = kzalloc(sizeof(*dtpm_cpu), GFP_KERNEL);
if (!dtpm_cpu)
@@ -226,6 +232,7 @@ static int cpuhp_dtpm_cpu_online(unsigned int cpu)
if (ret)
goto out_power_sub;

+ cpufreq_cpu_put(policy);
return 0;

out_power_sub:
@@ -243,6 +250,7 @@ static int cpuhp_dtpm_cpu_online(unsigned int cpu)

out_kfree_dtpm:
kfree(dtpm);
+ cpufreq_cpu_put(policy);
return ret;
}

--
2.25.1