clk: rockchip: Fix memory leak in rockchip_clk_register_pll()

Message ID 20221123032237.64567-1-xiujianfeng@huawei.com
State New
Headers
Series clk: rockchip: Fix memory leak in rockchip_clk_register_pll() |

Commit Message

Xiu Jianfeng Nov. 23, 2022, 3:22 a.m. UTC
  If clk_register() fails, @pll->rate_table may have allocated memory by
kmemdup(), so it needs to be freed, otherwise will cause memory leak
issue, this patch fixes it.

Fixes: 90c590254051 ("clk: rockchip: add clock type for pll clocks and pll used on rk3066")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
---
 drivers/clk/rockchip/clk-pll.c | 1 +
 1 file changed, 1 insertion(+)
  

Comments

Heiko Stübner Nov. 23, 2022, 9:01 a.m. UTC | #1
Hi,

Am Mittwoch, 23. November 2022, 04:22:37 CET schrieb Xiu Jianfeng:
> If clk_register() fails, @pll->rate_table may have allocated memory by
> kmemdup(), so it needs to be freed, otherwise will cause memory leak
> issue, this patch fixes it.
> 
> Fixes: 90c590254051 ("clk: rockchip: add clock type for pll clocks and pll used on rk3066")
> Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
> ---
>  drivers/clk/rockchip/clk-pll.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/clk/rockchip/clk-pll.c b/drivers/clk/rockchip/clk-pll.c
> index 4b9840994295..dc4ce280d125 100644
> --- a/drivers/clk/rockchip/clk-pll.c
> +++ b/drivers/clk/rockchip/clk-pll.c
> @@ -1200,6 +1200,7 @@ struct clk *rockchip_clk_register_pll(struct rockchip_clk_provider *ctx,
>  	clk_unregister(mux_clk);
>  	mux_clk = pll_clk;
>  err_mux:
> +	kfree(pll->rate_table);

I think this free needs to go up to the err_pll block.

In the code it is
- clk_register(pll_mux->hw)   -> err_mux
- kmemdup
- clk_register(pll->hw)	-> err_pll

so the kfree for the rate-table should probably
be at
	err_pll:
		kfree(rate_table)
		clk_unregister(mux_clk);
		...


Heiko

>  	kfree(pll);
>  	return mux_clk;
>  }
>
  
Xiu Jianfeng Nov. 23, 2022, 9:21 a.m. UTC | #2
Hi,

在 2022/11/23 17:01, Heiko Stuebner 写道:
> Hi,
> 
> Am Mittwoch, 23. November 2022, 04:22:37 CET schrieb Xiu Jianfeng:
>> If clk_register() fails, @pll->rate_table may have allocated memory by
>> kmemdup(), so it needs to be freed, otherwise will cause memory leak
>> issue, this patch fixes it.
>>
>> Fixes: 90c590254051 ("clk: rockchip: add clock type for pll clocks and pll used on rk3066")
>> Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
>> ---
>>   drivers/clk/rockchip/clk-pll.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/clk/rockchip/clk-pll.c b/drivers/clk/rockchip/clk-pll.c
>> index 4b9840994295..dc4ce280d125 100644
>> --- a/drivers/clk/rockchip/clk-pll.c
>> +++ b/drivers/clk/rockchip/clk-pll.c
>> @@ -1200,6 +1200,7 @@ struct clk *rockchip_clk_register_pll(struct rockchip_clk_provider *ctx,
>>   	clk_unregister(mux_clk);
>>   	mux_clk = pll_clk;
>>   err_mux:
>> +	kfree(pll->rate_table);
> 
> I think this free needs to go up to the err_pll block.
> 
> In the code it is
> - clk_register(pll_mux->hw)   -> err_mux
> - kmemdup
> - clk_register(pll->hw)	-> err_pll
> 
> so the kfree for the rate-table should probably
> be at
> 	err_pll:
> 		kfree(rate_table)

Thanks for you review, I think here should be kfree(pll->rate_table) 
instead of kfree(rate_table), because @rate_table is the intput param 
while pll->rate_table is the new allocated memory.

v2 already sent.

> 		clk_unregister(mux_clk);
> 		...
> 
> 
> Heiko
> 
>>   	kfree(pll);
>>   	return mux_clk;
>>   }
>>
> 
> 
> 
> 
> 
> .
>
  

Patch

diff --git a/drivers/clk/rockchip/clk-pll.c b/drivers/clk/rockchip/clk-pll.c
index 4b9840994295..dc4ce280d125 100644
--- a/drivers/clk/rockchip/clk-pll.c
+++ b/drivers/clk/rockchip/clk-pll.c
@@ -1200,6 +1200,7 @@  struct clk *rockchip_clk_register_pll(struct rockchip_clk_provider *ctx,
 	clk_unregister(mux_clk);
 	mux_clk = pll_clk;
 err_mux:
+	kfree(pll->rate_table);
 	kfree(pll);
 	return mux_clk;
 }