From: Marion et Christophe JAILLET <christophe.jaillet@wanadoo.fr>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: minyard@acm.org, zweiss@equinix.com, andrew@aj.id.au,
openipmi-developer@lists.sourceforge.net,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] ipmi: kcs_bmc: Fix a memory leak in the error handling path of 'kcs_bmc_serio_add_device()'
Date: Wed, 8 Sep 2021 08:50:14 +0200 (CEST)
Message-ID: <450800047.345.1631083814685.JavaMail.www@wwinf1e33>
In-Reply-To: <20210908062719.GO1957@kadam>
> Message of 08/09/21 08:28
> From: "Dan Carpenter"
> To: "Christophe JAILLET"
> Cc: minyard@acm.org, zweiss@equinix.com, andrew@aj.id.au, openipmi-developer@lists.sourceforge.net, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
> Subject: Re: [PATCH] ipmi: kcs_bmc: Fix a memory leak in the error handling path of 'kcs_bmc_serio_add_device()'
>
> On Tue, Sep 07, 2021 at 11:06:32PM +0200, Christophe JAILLET wrote:
> > In the unlikely event where 'devm_kzalloc()' fails and 'kzalloc()'
> > succeeds, 'port' would be leaking.
> >
> > Test each allocation separately to avoid the leak.
> >
> > Fixes: 3a3d2f6a4c64 ("ipmi: kcs_bmc: Add serio adaptor")
> > Signed-off-by: Christophe JAILLET
> > ---
> > drivers/char/ipmi/kcs_bmc_serio.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/char/ipmi/kcs_bmc_serio.c b/drivers/char/ipmi/kcs_bmc_serio.c
> > index 7948cabde50b..7e2067628a6c 100644
> > --- a/drivers/char/ipmi/kcs_bmc_serio.c
> > +++ b/drivers/char/ipmi/kcs_bmc_serio.c
> > @@ -73,10 +73,12 @@ static int kcs_bmc_serio_add_device(struct kcs_bmc_device *kcs_bmc)
> > struct serio *port;
> >
> > priv = devm_kzalloc(kcs_bmc->dev, sizeof(*priv), GFP_KERNEL);
> > + if (!priv)
> > + return -ENOMEM;
> >
> > /* Use kzalloc() as the allocation is cleaned up with kfree() via serio_unregister_port() */
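Review bot: the context comment at the end of this hunk says the kzalloc() memory is cleaned up with kfree() "via serio_unregister_port()", but the kfree() is not in that function; per the call chain given in this thread it sits in serio_release_port(), which runs as the device release callback when the last reference is dropped. Suggest naming that callback in the comment so the ownership can be checked without walking the call chain. The added `if (!priv)` return needs no unwinding, since it runs before any other allocation in the hunk; the check on the kzalloc() result lies outside the quoted lines and still needs to be looked at on its own.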
>
> The serio_unregister_port() calls serio_destroy_port() which calls
> put_device(&serio->dev). But I wasn't able to track it further than
> that to the actual kfree().

Hi Dan,

Checking this release path was not the goal of this patch.
It was only about the VERRYYYY unlikely memory leak.

However my understanding is:
  kcs_bmc_serio_add_device
    --> serio_register_port
      --> __serio_register_port
        --> serio_init_port
          --> serio->dev.release = serio_release_port

And in serio_release_port:
  struct serio *serio = to_serio_port(dev);
  kfree(serio);

For me, this 'serio' looks to be the one allocated by 'kcs_bmc_serio_add_device'.
I think that the comment is correct.

CJ

>
> Is there a trick to finding ->release() functions?
>
> regards,
> dan carpenter
>
>
>
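
The ownership discussed in this message, as an added userspace model that is not code from the thread or from the kernel: it counts outstanding kzalloc()-style allocations to show the leak on the devm failure path and the free through the release callback on the last put. All `model_*` names, `outstanding_after()` and the single combined check used for the unpatched shape are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Userspace stand-ins (assumptions), not the kernel's own structures. */
struct device { int refcount; void (*release)(struct device *); };
struct serio { int id; struct device dev; };
#define to_serio_port(d) ((struct serio *)((char *)(d) - offsetof(struct serio, dev)))

static int live_allocs;     /* outstanding kzalloc()-style allocations */
static int fail_devm;       /* knob: make the devm-style allocation fail */
static char devm_pool[32];  /* devm memory belongs to the parent device */

static void *model_devm_kzalloc(void) { return fail_devm ? NULL : devm_pool; }
static void *model_kzalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void model_kfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Release callback: the one place the port is freed, run on the last put. */
static void model_release_port(struct device *dev) { model_kfree(to_serio_port(dev)); }
static void model_put_device(struct device *dev) { if (--dev->refcount == 0) dev->release(dev); }

/* separate_checks = 1 models the patched shape, 0 a single combined test. */
static int model_add_device(int separate_checks, struct serio **out)
{
    void *priv = model_devm_kzalloc();
    struct serio *port;

    if (separate_checks && !priv)
        return -1;              /* nothing else allocated yet */
    port = model_kzalloc(sizeof(*port));
    if (!(priv && port))
        return -1;              /* combined test: port leaks if only priv failed */
    port->dev.refcount = 1;     /* reference held by the registered port */
    port->dev.release = model_release_port;
    *out = port;
    return 0;
}

/* Allocations still outstanding after add and, on success, the final put. */
static int outstanding_after(int separate_checks, int devm_fails)
{
    struct serio *port = NULL;

    live_allocs = 0;
    fail_devm = devm_fails;
    if (model_add_device(separate_checks, &port) == 0)
        model_put_device(&port->dev);
    return live_allocs;
}

int main(void) { return outstanding_after(1, 1) || outstanding_after(1, 0); }
```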