Re: [PATCH] atm: he: fix potential ioremap leak of membase in he_dev

From: Dan Carpenter
Date: Fri Mar 10 2023 - 10:24:18 EST


On Fri, Mar 10, 2023 at 09:15:43PM +0800, Dongliang Mu wrote:
>
>
> On 3/10/23 19:28, Francois Romieu wrote:
> > Gencen Gan <u202011061@xxxxxxxxx> :
> > > In the function he_start() in drivers/atm/he.c, there
> > > is no unmapping of he_dev->membase in the branch that
> > > exits due to an error like reset failure, which may
> > > cause a memory leak.
> >
> > Why would he_dev->membase not be unmapped in he_stop() ?
> >
> > he_stop() is paired with he_start() as soon a he_start() returns
> > anything different from 0 in he_init_one(). I see no other place
> > where he_start() is used.
>
> Yes, you're right. We will check more about reports from the static checker
> Smatch.
>
> Smatch should make a false positive here, I think it might be that, Smatch
> has an assumption about do and its paired undo functions. The do function
> should clean up its own allocation operations. And the paired undo function
> can be only called if the do function succeeds.
>
> +cc Dan Carpenter
>
> Maybe @Dan could tell more about this point.
>

Yes. Smatch is assuming that every function cleans up after itself.
Generally this is the way most functions do it.

Perhaps the best option here is to create a new warning for the double
free bug if this patch were applied.

regards,
dan carpenter