Re: [Bug report] Memory leak in scmi_device_create

From: Catalin Marinas
Date: Thu Mar 06 2025 - 11:19:19 EST

Next message: Borislav Petkov: "Re: request_irq() with local bh disabled"
Previous message: Robert Richter: "Re: [PATCH v3 14/18] cxl/region: Unfold cxl_find_root_decoder() into cxl_endpoint_decoder_initialize()"
In reply to: Cristian Marussi: "Re: [Bug report] Memory leak in scmi_device_create"
Next in thread: Cristian Marussi: "Re: [Bug report] Memory leak in scmi_device_create"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 06, 2025 at 03:47:27PM +0000, Cristian Marussi wrote:
> On Thu, Mar 06, 2025 at 02:36:16PM +0000, Catalin Marinas wrote:
> > This loop in scmi_device_create() looks strange:
> >
> > list_for_each_entry(rdev, phead, node) {
> > struct scmi_device *sdev;
> >
> > sdev = __scmi_device_create(np, parent,
> > rdev->id_table->protocol_id,
> > rdev->id_table->name);
> > /* Report errors and carry on... */
> > if (sdev)
> > scmi_dev = sdev;
> > else
> > pr_err("(%s) Failed to create device for protocol 0x%x (%s)\n",
> > of_node_full_name(parent->of_node),
> > rdev->id_table->protocol_id,
> > rdev->id_table->name);
> > }
> >
> > We can override scmi_dev a few times in the loop and lose the previous
> > sdev allocations. Is this intended?
>
> Yes...it is weird..but by design I would say :P ...
>
> ...because this is called to instantiate one single device OR instantiate at
> once all the multiple devices needed for a protocol: in this latter case it
> returns just one of the created devices to signal success or NULL if all the
> devices' creation failed....we dont need to keep the allocated devices references
> anyway here since on success those devices are now referenced and kept on the
> SCMI bus, so they can be searched/scanned/destroyed from there.

Not sure why the pointer isn't found, device_add() should link it with
the parent. Unless something else fails, the parent is freed and the
linked devices unreachable. I'm not familiar at all with this code, I
just saw kmemleak and thought of replying.

The loop is still weird, scmi_chan_setup() seems to use the pointer to
scmi_device for something more meaningful than a pass/fail check. Also
the overall result is based only on what the last __scmi_device_create()
return value was, irrespective of the previous iterations of the loop.
You do have a pr_err() but no early bailing out of the loop on failure.
I'm curious if there are any SCMI errors in the Alice's kernel log.

--
Catalin

Next message: Borislav Petkov: "Re: request_irq() with local bh disabled"
Previous message: Robert Richter: "Re: [PATCH v3 14/18] cxl/region: Unfold cxl_find_root_decoder() into cxl_endpoint_decoder_initialize()"
In reply to: Cristian Marussi: "Re: [Bug report] Memory leak in scmi_device_create"
Next in thread: Cristian Marussi: "Re: [Bug report] Memory leak in scmi_device_create"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]