Message ID | 20230928091636.1209914-1-ruanjinjie@huawei.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:cae8:0:b0:403:3b70:6f57 with SMTP id r8csp3199989vqu; Thu, 28 Sep 2023 03:11:43 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF6e5+u4+xjGHwFEeVsLLvg8QiP2N+I6A+os9UYzrZwpeIX9II28WXegP5UshsJAQDDWXvY X-Received: by 2002:a1f:ea84:0:b0:49a:b6c7:ddfc with SMTP id i126-20020a1fea84000000b0049ab6c7ddfcmr662823vkh.1.1695895903681; Thu, 28 Sep 2023 03:11:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695895903; cv=none; d=google.com; s=arc-20160816; b=kCbgLSrkxU1SJFUzdFPUJUXbUoiOMvaht7cvH3wCTwFjmalVEQFo8AZuf5RaUEL/xZ rTOqNi0CP0JrvmUGRmVp0Hhs5qxtkL2rlePtWY6Dp1fPYNGFbqj/n3nnDHDkI4C7Y0Y5 VsmI3AH70irJXHwFtA4Q5i3kUAOcbPIz7NDMq8q6h9m1tBFdD1jne0WUEmIyAEAa0cb+ gQA7GCV3IEmyTTQZbyOokBTuxHWUgDrvQ4N9M/kAbOxbKfqfg5iSckFoT6nFu8C3QsRH AqQUFBi6SSstSlq/QhlZCPjcc3ICj8GZeh1WcEXYk8eoq2xwYlDcFonHqS36R19cyizW Aiww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=yOggHuiJNhz4i8/VeYSNMZ8O6Be6h2XQx/++q5d1LHw=; fh=uC6Oaf5bmKXGFq+V4mnFZvoIsVyGakBgZqqPp+w+pO8=; b=KlEhdz/qdCraf+CddTJhuAZlTIuFLIq25WwByagbkXzCe5uGmTP13n9KEmyWnnSnsq muETX5c31e3+51Y6nFuz8dh1TUJXfstVa9mgfmPw8OEORmnJ64nKxMvBOKJJRIzqkBWD jHf2l4q+P02C9ZzKB+LNd49hcBsQCVOUSiJzJpAaDn7hhPupixTcDlavM7PrbxEfAukQ XhJhu6hF/xK+aYqUZfUdl9Uj3lQEDRQde4vWs3yJXQWVWedr1Lg8VaeXYPMkwb30uy6v ijIj6UUTsUnAhyK4Yd2Adlb2okZ+I0gVGbPSb7iyzWx1dsbyBC2ddA5CAui502RcSWqx 5gng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id eg6-20020a056a00800600b00690d25b1988si17953683pfb.30.2023.09.28.03.11.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Sep 2023 03:11:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 9C9E380293EC; Thu, 28 Sep 2023 02:17:33 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231474AbjI1JRG (ORCPT <rfc822;pwkd43@gmail.com> + 21 others); Thu, 28 Sep 2023 05:17:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230242AbjI1JRF (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Thu, 28 Sep 2023 05:17:05 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2C4CAC0; Thu, 28 Sep 2023 02:17:04 -0700 (PDT) Received: from kwepemi500008.china.huawei.com (unknown [172.30.72.55]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4Rx76b1wclztT3g; Thu, 28 Sep 2023 17:12:39 +0800 (CST) Received: from huawei.com (10.90.53.73) by kwepemi500008.china.huawei.com (7.221.188.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.31; Thu, 28 Sep 2023 17:17:01 +0800 From: Jinjie Ruan <ruanjinjie@huawei.com> To: <mdf@kernel.org>, <hao.wu@intel.com>, <yilun.xu@intel.com>, <trix@redhat.com>, <russell.h.weight@intel.com>, <linux-fpga@vger.kernel.org>, <linux-kernel@vger.kernel.org> CC: <ruanjinjie@huawei.com> Subject: [PATCH RESEND] fpga: region: Fix possible memory leak in fpga_region_register_full() Date: Thu, 28 Sep 2023 17:16:36 +0800 Message-ID: <20230928091636.1209914-1-ruanjinjie@huawei.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.90.53.73] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To kwepemi500008.china.huawei.com (7.221.188.139) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 28 Sep 2023 02:17:34 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1778275742679745390 X-GMAIL-MSGID: 1778275742679745390 |
Series |
[RESEND] fpga: region: Fix possible memory leak in fpga_region_register_full()
|
|
Commit Message
Jinjie Ruan
Sept. 28, 2023, 9:16 a.m. UTC
If device_register() fails in fpga_region_register_full(), the region
allocated by kzalloc() and the id allocated by ida_alloc() also need be
freed otherwise will cause memory leak.
Fixes: 8886a579744f ("fpga: region: Use standard dev_release for class driver")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
---
drivers/fpga/fpga-region.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
Comments
On Thu, Sep 28, 2023 at 05:16:36PM +0800, Jinjie Ruan wrote: > If device_register() fails in fpga_region_register_full(), the region > allocated by kzalloc() and the id allocated by ida_alloc() also need be > freed otherwise will cause memory leak. How did you observe the memory leak? Please help provide some trace. Thanks, Yilun > > Fixes: 8886a579744f ("fpga: region: Use standard dev_release for class driver") > Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> > --- > drivers/fpga/fpga-region.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/fpga/fpga-region.c b/drivers/fpga/fpga-region.c > index b364a929425c..9dc6314976ef 100644 > --- a/drivers/fpga/fpga-region.c > +++ b/drivers/fpga/fpga-region.c > @@ -228,12 +228,13 @@ fpga_region_register_full(struct device *parent, const struct fpga_region_info * > > ret = device_register(®ion->dev); > if (ret) { > - put_device(®ion->dev); > - return ERR_PTR(ret); > + goto err_put_device; > } > > return region; > > +err_put_device: > + put_device(®ion->dev); > err_remove: > ida_free(&fpga_region_ida, id); > err_free: > -- > 2.34.1 >
On 9/28/23 02:16, Jinjie Ruan wrote: > If device_register() fails in fpga_region_register_full(), the region > allocated by kzalloc() and the id allocated by ida_alloc() also need be > freed otherwise will cause memory leak. > > Fixes: 8886a579744f ("fpga: region: Use standard dev_release for class driver") > Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> > --- > drivers/fpga/fpga-region.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/fpga/fpga-region.c b/drivers/fpga/fpga-region.c > index b364a929425c..9dc6314976ef 100644 > --- a/drivers/fpga/fpga-region.c > +++ b/drivers/fpga/fpga-region.c > @@ -228,12 +228,13 @@ fpga_region_register_full(struct device *parent, const struct fpga_region_info * > > ret = device_register(®ion->dev); The comments for device_register() say: * NOTE: _Never_ directly free @dev after calling this function, even * if it returned an error! Always use put_device() to give up the * reference initialized in this function instead. Note that dev is embedded in the region structure, so freeing region means freeing dev. The expectation is that after device_register() has been called, even if it returns an error, put_device() is used to lower the reference count. When the reference count is zero, the fpga_region_dev_release() function is called. fpga_region_dev_release() frees calls ida_free() and frees the region. Have you observed different behavior? Do you have evidence of a memory leak? Thanks, - Russ > if (ret) { > - put_device(®ion->dev); > - return ERR_PTR(ret); > + goto err_put_device; > } > > return region; > > +err_put_device: > + put_device(®ion->dev); > err_remove: > ida_free(&fpga_region_ida, id); > err_free:
On 2023/9/28 23:45, Russ Weight wrote: > > > On 9/28/23 02:16, Jinjie Ruan wrote: >> If device_register() fails in fpga_region_register_full(), the region >> allocated by kzalloc() and the id allocated by ida_alloc() also need be >> freed otherwise will cause memory leak. >> >> Fixes: 8886a579744f ("fpga: region: Use standard dev_release for class driver") >> Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> >> --- >> drivers/fpga/fpga-region.c | 5 +++-- >> 1 file changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/fpga/fpga-region.c b/drivers/fpga/fpga-region.c >> index b364a929425c..9dc6314976ef 100644 >> --- a/drivers/fpga/fpga-region.c >> +++ b/drivers/fpga/fpga-region.c >> @@ -228,12 +228,13 @@ fpga_region_register_full(struct device *parent, const struct fpga_region_info * >> >> ret = device_register(®ion->dev); > > The comments for device_register() say: > > * NOTE: _Never_ directly free @dev after calling this function, even > * if it returned an error! Always use put_device() to give up the > * reference initialized in this function instead. > > Note that dev is embedded in the region structure, so freeing region > means freeing dev. > > The expectation is that after device_register() has been called, even > if it returns an error, put_device() is used to lower the reference > count. When the reference count is zero, the fpga_region_dev_release() > function is called. fpga_region_dev_release() frees calls ida_free() > and frees the region. Right! > > Have you observed different behavior? Do you have evidence of a memory > leak? I have noticed a memory leak in using fpga_region_register_full() in fpga-region-test.c. I'll send the patch sooner. > > Thanks, > - Russ > >> if (ret) { >> - put_device(®ion->dev); >> - return ERR_PTR(ret); >> + goto err_put_device; >> } >> >> return region; >> >> +err_put_device: >> + put_device(®ion->dev); >> err_remove: >> ida_free(&fpga_region_ida, id); >> err_free: >
diff --git a/drivers/fpga/fpga-region.c b/drivers/fpga/fpga-region.c index b364a929425c..9dc6314976ef 100644 --- a/drivers/fpga/fpga-region.c +++ b/drivers/fpga/fpga-region.c @@ -228,12 +228,13 @@ fpga_region_register_full(struct device *parent, const struct fpga_region_info * ret = device_register(®ion->dev); if (ret) { - put_device(®ion->dev); - return ERR_PTR(ret); + goto err_put_device; } return region; +err_put_device: + put_device(®ion->dev); err_remove: ida_free(&fpga_region_ida, id); err_free: