[PATCH] clk: renesas: fix memory leak in cpg_mssr_reserved_init()

[PATCH] clk: renesas: fix memory leak in cpg_mssr_reserved_init()

[chenyuan_fl]

From: Yuan CHen <chenyuan@kylinos.cn>

In the current implementation, when krealloc_array() fails, the original memory
pointer is incorrectly set to NULL after kfree(), resulting in a memory leak
during reallocation failure.

Fixes: 6aa17547649 ("clk: renesas: cpg-mssr: Ignore all clocks assigned to non-Linux system")
Signed-off-by: Yuan CHen <chenyuan@kylinos.cn>
---
 drivers/clk/renesas/renesas-cpg-mssr.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/clk/renesas/renesas-cpg-mssr.c b/drivers/clk/renesas/renesas-cpg-mssr.c
index 5ff6ee1f7d4b..de1cf7ba45b7 100644
--- a/drivers/clk/renesas/renesas-cpg-mssr.c
+++ b/drivers/clk/renesas/renesas-cpg-mssr.c
@@ -1082,6 +1082,7 @@ static int __init cpg_mssr_reserved_init(struct cpg_mssr_priv *priv,
 
 		of_for_each_phandle(&it, rc, node, "clocks", "#clock-cells", -1) {
 			int idx;
+			unsigned int *new_ids;
 
 			if (it.node != priv->np)
 				continue;
@@ -1092,11 +1093,13 @@ static int __init cpg_mssr_reserved_init(struct cpg_mssr_priv *priv,
 			if (args[0] != CPG_MOD)
 				continue;
 
-			ids = krealloc_array(ids, (num + 1), sizeof(*ids), GFP_KERNEL);
-			if (!ids) {
+			new_ids = krealloc_array(ids, (num + 1), sizeof(*ids), GFP_KERNEL);
+			if (!new_ids) {
 				of_node_put(it.node);
+				kfree(ids);
 				return -ENOMEM;
 			}
+			ids = new_ids;
 
 			if (priv->reg_layout == CLK_REG_LAYOUT_RZ_A)
 				idx = MOD_CLK_PACK_10(args[1]);	/* for DEF_MOD_STB() */
-- 
2.39.5

Re: [PATCH] clk: renesas: fix memory leak in cpg_mssr_reserved_init()

[Kuninori Morimoto]

Hi chenyuan

Thank you for your patch

> In the current implementation, when krealloc_array() fails, the original memory
> pointer is incorrectly set to NULL after kfree(), resulting in a memory leak
> during reallocation failure.
> 
> Fixes: 6aa17547649 ("clk: renesas: cpg-mssr: Ignore all clocks assigned to non-Linux system")
> Signed-off-by: Yuan CHen <chenyuan@kylinos.cn>

Basically, I can agree that current code has memory leak issue.

But what does "the original memory pointer is incorrectly set to NULL after
kfree()," mean ? I guess git-log needs update ?

Thank you for your help !!

Best regards
---
Kuninori Morimoto

[PATCH v2] clk: renesas: fix memory leak in cpg_mssr_reserved_init()

[chenyuan_fl]

From: Yuan CHen <chenyuan@kylinos.cn>

In the current implementation, when krealloc_array() fails, the error handling path
incorrectly sets the original memory pointer to NULL before it is freed,
resulting in a memory leak during reallocation failure.

Fixes: 6aa17547649 ("clk: renesas: cpg-mssr: Ignore all clocks assigned to non-Linux system")
Signed-off-by: Yuan CHen <chenyuan@kylinos.cn>
---
 drivers/clk/renesas/renesas-cpg-mssr.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/clk/renesas/renesas-cpg-mssr.c b/drivers/clk/renesas/renesas-cpg-mssr.c
index 5ff6ee1f7d4b..de1cf7ba45b7 100644
--- a/drivers/clk/renesas/renesas-cpg-mssr.c
+++ b/drivers/clk/renesas/renesas-cpg-mssr.c
@@ -1082,6 +1082,7 @@ static int __init cpg_mssr_reserved_init(struct cpg_mssr_priv *priv,
 
 		of_for_each_phandle(&it, rc, node, "clocks", "#clock-cells", -1) {
 			int idx;
+			unsigned int *new_ids;
 
 			if (it.node != priv->np)
 				continue;
@@ -1092,11 +1093,13 @@ static int __init cpg_mssr_reserved_init(struct cpg_mssr_priv *priv,
 			if (args[0] != CPG_MOD)
 				continue;
 
-			ids = krealloc_array(ids, (num + 1), sizeof(*ids), GFP_KERNEL);
-			if (!ids) {
+			new_ids = krealloc_array(ids, (num + 1), sizeof(*ids), GFP_KERNEL);
+			if (!new_ids) {
 				of_node_put(it.node);
+				kfree(ids);
 				return -ENOMEM;
 			}
+			ids = new_ids;
 
 			if (priv->reg_layout == CLK_REG_LAYOUT_RZ_A)
 				idx = MOD_CLK_PACK_10(args[1]);	/* for DEF_MOD_STB() */
-- 
2.39.5

Re: [PATCH v2] clk: renesas: fix memory leak in cpg_mssr_reserved_init()

[Kuninori Morimoto]

Hi chenyuan

Thank you for the patch

> In the current implementation, when krealloc_array() fails, the error handling path
> incorrectly sets the original memory pointer to NULL before it is freed,
> resulting in a memory leak during reallocation failure.
> 
> Fixes: 6aa17547649 ("clk: renesas: cpg-mssr: Ignore all clocks assigned to non-Linux system")
> Signed-off-by: Yuan CHen <chenyuan@kylinos.cn>

You want to use ${LINUX}/scripts/checkpatch.pl to get maximum 75 chars warning

Patch itself is agree, but I still don't understand the git-log.

	incorrectly sets the original memory pointer to NULL before it is freed,

I still don't understand this part. which part are you talking about ?
What does this "original memory pointer" mean ? And what does this "freed"
mean ? freed what ??

I guess you want to indicate is like this ?

	In case of krealloc_array() failure, current error handling just
	returns from function without freeing alloced array.
	It cause a memory leak. Fixup it.

Thank you for your help !!

Best regards
---
Kuninori Morimoto

Re: [PATCH v2] clk: renesas: fix memory leak in cpg_mssr_reserved_init()

[Geert Uytterhoeven]

On Mon, 8 Sept 2025 at 04:02, Kuninori Morimoto
<kuninori.morimoto.gx@renesas.com> wrote:
> > In the current implementation, when krealloc_array() fails, the error handling path
> > incorrectly sets the original memory pointer to NULL before it is freed,
> > resulting in a memory leak during reallocation failure.
> >
> > Fixes: 6aa17547649 ("clk: renesas: cpg-mssr: Ignore all clocks assigned to non-Linux system")
> > Signed-off-by: Yuan CHen <chenyuan@kylinos.cn>
>
> You want to use ${LINUX}/scripts/checkpatch.pl to get maximum 75 chars warning
>
> Patch itself is agree, but I still don't understand the git-log.
>
>         incorrectly sets the original memory pointer to NULL before it is freed,
>
> I still don't understand this part. which part are you talking about ?
> What does this "original memory pointer" mean ? And what does this "freed"
> mean ? freed what ??
>
> I guess you want to indicate is like this ?
>
>         In case of krealloc_array() failure, current error handling just
>         returns from function without freeing alloced array.
>         It cause a memory leak. Fixup it.

Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
i.e. will queue in renesas-clk for v6.18, with the patch description
reworded.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

[PATCH] clk: renesas: fix memory leak in cpg_mssr_reserved_init()

[chenyuan_fl]

From: Yuan CHen <chenyuan@kylinos.cn>

In case of krealloc_array() failure, current error handling just
returns from function without freeing alloced array. It cause a
memory leak. Fixup it.

Fixes: 6aa175476490 ("clk: renesas: cpg-mssr: Ignore all clocks assigned to non-Linux system")
Signed-off-by: Yuan CHen <chenyuan@kylinos.cn>
---
 drivers/clk/renesas/renesas-cpg-mssr.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/clk/renesas/renesas-cpg-mssr.c b/drivers/clk/renesas/renesas-cpg-mssr.c
index 5ff6ee1f7d4b..de1cf7ba45b7 100644
--- a/drivers/clk/renesas/renesas-cpg-mssr.c
+++ b/drivers/clk/renesas/renesas-cpg-mssr.c
@@ -1082,6 +1082,7 @@ static int __init cpg_mssr_reserved_init(struct cpg_mssr_priv *priv,
 
 		of_for_each_phandle(&it, rc, node, "clocks", "#clock-cells", -1) {
 			int idx;
+			unsigned int *new_ids;
 
 			if (it.node != priv->np)
 				continue;
@@ -1092,11 +1093,13 @@ static int __init cpg_mssr_reserved_init(struct cpg_mssr_priv *priv,
 			if (args[0] != CPG_MOD)
 				continue;
 
-			ids = krealloc_array(ids, (num + 1), sizeof(*ids), GFP_KERNEL);
-			if (!ids) {
+			new_ids = krealloc_array(ids, (num + 1), sizeof(*ids), GFP_KERNEL);
+			if (!new_ids) {
 				of_node_put(it.node);
+				kfree(ids);
 				return -ENOMEM;
 			}
+			ids = new_ids;
 
 			if (priv->reg_layout == CLK_REG_LAYOUT_RZ_A)
 				idx = MOD_CLK_PACK_10(args[1]);	/* for DEF_MOD_STB() */
-- 
2.39.5

Re: [PATCH] clk: renesas: fix memory leak in cpg_mssr_reserved_init()

[Kuninori Morimoto]

Hi chenyuan, Geet

Thank you for the patch

> In case of krealloc_array() failure, current error handling just
> returns from function without freeing alloced array. It cause a
> memory leak. Fixup it.
> 
> Fixes: 6aa175476490 ("clk: renesas: cpg-mssr: Ignore all clocks assigned to non-Linux system")
> Signed-off-by: Yuan CHen <chenyuan@kylinos.cn>
> ---

I think Geet already applied this patch with fixing git-log, but

Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>

Thank you for your help !!

Best regards
---
Kuninori Morimoto

Re: [PATCH] clk: renesas: fix memory leak in cpg_mssr_reserved_init()

[Kuninori Morimoto]

Hi chenyuan, Geet

# It seems 1st mail had strange header, repost

Thank you for the patch

> In case of krealloc_array() failure, current error handling just
> returns from function without freeing alloced array. It cause a
> memory leak. Fixup it.
> 
> Fixes: 6aa175476490 ("clk: renesas: cpg-mssr: Ignore all clocks assigned to non-Linux system")
> Signed-off-by: Yuan CHen <chenyuan@kylinos.cn>
> ---

I think Geet already applied this patch with fixing git-log, but

Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>

Thank you for your help !!

Best regards
---
Kuninori Morimoto