Re: [PATCH] drm/amdgpu: Fix double free in amdgpu_get_xgmi_hive

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Felix Kuehling <felix.kuehling@amd.com>
To: "Miaoqian Lin" <linmq006@gmail.com>,
	"Alex Deucher" <alexander.deucher@amd.com>,
	"Christian König" <christian.koenig@amd.com>,
	"Pan, Xinhui" <Xinhui.Pan@amd.com>,
	"David Airlie" <airlied@linux.ie>,
	"Daniel Vetter" <daniel@ffwll.ch>,
	"Hawking Zhang" <Hawking.Zhang@amd.com>,
	"John Clements" <john.clements@amd.com>,
	"Jonathan Kim" <jonathan.kim@amd.com>,
	"Bernard Zhao" <bernard@vivo.com>,
	"Kevin Wang" <kevin1.wang@amd.com>,
	shaoyunl <shaoyun.liu@amd.com>,
	"Tian Tao" <tiantao6@hisilicon.com>,
	amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] drm/amdgpu: Fix double free in amdgpu_get_xgmi_hive
Date: Thu, 20 Jan 2022 13:04:02 -0500	[thread overview]
Message-ID: <33f459af-7731-fb39-ec6f-059cf1a77bb4@amd.com> (raw)
In-Reply-To: <20220120101746.24847-1-linmq006@gmail.com>

Am 2022-01-20 um 5:17 a.m. schrieb Miaoqian Lin:
> Callback function amdgpu_xgmi_hive_release() in kobject_put()
> calls kfree(hive), So we don't need call kfree(hive) again.
>
> Fixes: 7b833d680481 ("drm/amd/amdgpu: fix potential memleak")
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>

The patch is

Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>

This kobject_init_and_add error handling semantics is very unintuitive,
and we keep stumbling over it. I wonder is there is a better way to
handle this. Basically, this is what it looks like, when done correctly:

    foo = kzalloc(sizeof(*foo), GFP_KERNEL);
    if (!foo)
    	return -ENOMEM;
    r = kobject_init_and_add(&foo->kobj, &foo_type, &parent, "foo_name");
    if (r) {
    	/* OK, initialization failed, but I still need to
    	 * clean up manually as if the call had succeeded.
    	 */
    	kobject_put(&foo->kobj);
    	/* Don't kfree foo, because that's already done by
    	 * a callback setup by the call that failed above.
    	 */
    	return r;
    }

Given that unintuitive behaviour, I'd argue that kobject_init_and_add
fails as an abstraction. Code would be clearer, more intuitive and safer
by calling kobject_init and kobject_add separately itself.
kobject_init_and_add saves you typing exactly one line of code, and it's
just not worth it:

    foo = kzalloc(sizeof(*foo), GFP_KERNEL);
    if (!foo)
    	return -ENOMEM;
    kobject_init(&foo->kobj, &foo_type); /* never fails */
    r = kobject_add(&foo->kobj, &parent, "foo_name");
    if (r) {
    	/* since kobj_init succeeded, it's obvious that kobj_put
    	 * is the right thing to do to handle all the cleanup.
    	 */
    	kobject_put(&foo->kobj);
    	return r;
    }

Regards,
  Felix

> ---
>  drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c | 1 -
>  1 file changed, 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c
> index e8b8f28c2f72..35d4b966ef2c 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c
> @@ -393,7 +393,6 @@ struct amdgpu_hive_info *amdgpu_get_xgmi_hive(struct amdgpu_device *adev)
>  	if (ret) {
>  		dev_err(adev->dev, "XGMI: failed initializing kobject for xgmi hive\n");
>  		kobject_put(&hive->kobj);
> -		kfree(hive);
>  		hive = NULL;
>  		goto pro_end;
>  	}

     prev parent reply	other threads:[~2022-01-20 18:04 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-20 10:17 [PATCH] drm/amdgpu: Fix double free in amdgpu_get_xgmi_hive Miaoqian Lin
2022-01-20 18:04 ` Felix Kuehling [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=33f459af-7731-fb39-ec6f-059cf1a77bb4@amd.com \
    --to=felix.kuehling@amd.com \
    --cc=Hawking.Zhang@amd.com \
    --cc=Xinhui.Pan@amd.com \
    --cc=airlied@linux.ie \
    --cc=alexander.deucher@amd.com \
    --cc=amd-gfx@lists.freedesktop.org \
    --cc=bernard@vivo.com \
    --cc=christian.koenig@amd.com \
    --cc=daniel@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=john.clements@amd.com \
    --cc=jonathan.kim@amd.com \
    --cc=kevin1.wang@amd.com \
    --cc=linmq006@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=shaoyun.liu@amd.com \
    --cc=tiantao6@hisilicon.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.