On Mon, 17 Sep 2018 17:15:31 +0800 nixiaoming <nixiaom...@huawei.com> wrote:

> 1, memory leak in ramoops_register_dummy.
>    dummy_data = kzalloc(sizeof(*dummy_data), GFP_KERNEL);
>    but no free when platform_device_register_data return fail
> 
> 2, if kzalloc(sizeof(*dummy_data), GFP_KERNEL) return NULL,
>     but platform_driver_register(&ramoops_driver) return 0
>    kfree(NULL) in ramoops_exit
> so, add return val for ramoops_register_dummy, and check it in ramoops_init
> 
> 3, memory leak in ramoops_init.
>    miss platform_device_unregister(dummy) and kfree(dummy_data)
>    when platform_driver_register(&ramoops_driver) return fail

Looks right.

It's unclear (to me) who maintains fs/pstore/ram.c.  Let's add some
Cc's and see if we can catch a reviewed-by.


From: nixiaoming <nixiaom...@huawei.com>
Subject: fs/pstore/ram.c: fix memory leak in ramoops_init()

1. Memory leak in ramoops_register_dummy():
   dummy_data = kzalloc(sizeof(*dummy_data), GFP_KERNEL);
   is not freed when platform_device_register_data() fails.

2. If kzalloc(sizeof(*dummy_data), GFP_KERNEL) returns NULL but
   platform_driver_register(&ramoops_driver) returns 0, ramoops_exit()
   ends up calling kfree(NULL).
   So add a return value to ramoops_register_dummy() and check it in
   ramoops_init().

3. Memory leak in ramoops_init():
   platform_device_unregister(dummy) and kfree(dummy_data) are missing
   when platform_driver_register(&ramoops_driver) fails.

Link: http://lkml.kernel.org/r/20180917091531.21356-1-nixiaom...@huawei.com
Signed-off-by: nixiaoming <nixiaom...@huawei.com>
Cc: Jan Kara <j...@suse.cz>
Cc: Amir Goldstein <amir7...@gmail.com>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Joel Fernandes <joe...@google.com>
Cc: Geliang Tang <geliangt...@gmail.com>
Signed-off-by: Andrew Morton <a...@linux-foundation.org>
---

 fs/pstore/ram.c |   22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

--- a/fs/pstore/ram.c~fix-memory-leak-in-ramoops_init
+++ a/fs/pstore/ram.c
@@ -898,17 +898,17 @@ static struct platform_driver ramoops_dr
        },
 };
 
-static void ramoops_register_dummy(void)
+static int ramoops_register_dummy(void)
 {
        if (!mem_size)
-               return;
+               return -EINVAL;
 
        pr_info("using module parameters\n");
 
        dummy_data = kzalloc(sizeof(*dummy_data), GFP_KERNEL);
        if (!dummy_data) {
                pr_info("could not allocate pdata\n");
-               return;
+               return -ENOMEM;
        }
 
        dummy_data->mem_size = mem_size;
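Review bot: Returning `-EINVAL` from the `if (!mem_size)` branch changes behaviour beyond the leak fix. The new `ramoops_init()` in the next hunk returns early on any non-zero result, so when `mem_size` is 0 `platform_driver_register(&ramoops_driver)` is never called. Before this patch that branch only skipped the dummy device and the driver was still registered, which is presumably what setups that do not pass the module parameters rely on. I would keep that case a success, `if (!mem_size) return 0;`, and reserve error returns for the allocation and device-registration failures. ramoops_register_dummy's body continues into the next hunk.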
@@ -932,13 +932,25 @@ static void ramoops_register_dummy(void)
        if (IS_ERR(dummy)) {
                pr_info("could not create platform device: %ld\n",
                        PTR_ERR(dummy));
+               kfree(dummy_data);
+               return PTR_ERR(dummy);
        }
+       return 0;
 }
 
 static int __init ramoops_init(void)
 {
-       ramoops_register_dummy();
-       return platform_driver_register(&ramoops_driver);
+       int ret = ramoops_register_dummy();
+
+       if (ret != 0)
+               return ret;
+
+       ret = platform_driver_register(&ramoops_driver);
+       if (ret != 0) {
+               platform_device_unregister(dummy);
+               kfree(dummy_data);
+       }
+       return ret;
 }
 late_initcall(ramoops_init);
 
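Review bot: Both new failure paths free `dummy_data` but leave the file-scope pointer holding the freed address, and in the `IS_ERR(dummy)` branch `dummy` keeps its ERR_PTR value. Clearing them at the point of release, `kfree(dummy_data); dummy_data = NULL;` (and `dummy = NULL;` before `return PTR_ERR(dummy)` is computed into a local), keeps any later cleanup that touches these globals from double-freeing or unregistering an error pointer. `ramoops_exit()` is outside this hunk, so whether it can run after these paths is not visible here. If the `mem_size == 0` case is made a success, the `platform_driver_register()` failure branch also needs to guard `platform_device_unregister(dummy)` for the case where no dummy device was created.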
_
