Re: [PATCH v2] pata_parport: fix possible memory leak

[Damien Le Moal]

On 3/13/23 06:24, Ondrej Zary wrote:
> On Sunday 12 March 2023 01:56:25 Damien Le Moal wrote:
>> On 3/12/23 06:44, Ondrej Zary wrote:
>>> When ida_alloc() fails, "pi" is not freed although the misleading
>>> comment says otherwise.
>>> Move the ida_alloc() call up so we really don't have to free it.
>>
>> Certainly you meant: "so we really do free it in case of error.", no ?
> 
> I meant "so we don't have to free pi in case of ida_alloc failure".

That is better. Please rephrase the commit message to this.

>>>  	/* set up pi->dev before pi_probe_unit() so it can use dev_printk() */
>>>  	pi->dev.parent = &pata_parport_bus;
>>>  	pi->dev.bus = &pata_parport_bus_type;
>>>  	pi->dev.driver = &pr->driver;
>>>  	pi->dev.release = pata_parport_dev_release;
>>> -	id = ida_alloc(&pata_parport_bus_dev_ids, GFP_KERNEL);
>>> -	if (id < 0)
>>> -		return NULL; /* pata_parport_dev_release will do kfree(pi) */
>>>  	pi->dev.id = id;
>>>  	dev_set_name(&pi->dev, "pata_parport.%u", pi->dev.id);
>>>  	if (device_register(&pi->dev)) {
>>> @@ -571,7 +572,7 @@ static struct pi_adapter *pi_init_one(struct parport *parport,
>>>  out_unreg_dev:
>>>  	device_unregister(&pi->dev);
>>
>> Same comment as Sergey: isn't this going to do the ida free ? So shouldn't you
>> return here ?
> 
> No. device_unregister() calls pata_parport_dev_release() which does only kfree(pi), not ida_free(). But it probably should do ida_free() too.

Yes, it should, otherwise you are leaking the ida with the normal (no errors)
case. Care to send a fix for that too ?



-- 
Damien Le Moal
Western Digital Research