Re: [PATCH v2] phy: qcom-qusb2: Fix a memory leak on probe
From: Bjorn Andersson <hidden>
Date: 2021-09-23 14:18:06
Also in:
linux-arm-msm
On Wed 22 Sep 16:35 PDT 2021, Vladimir Zapolskiy wrote:
On success nvmem_cell_read() returns a pointer to a dynamically allocated
buffer, and therefore it shall be freed after usage.
The issue is reported by kmemleak:
# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff3b3803e4b280 (size 128):
comm "kworker/u16:1", pid 107, jiffies 4294892861 (age 94.120s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000007739afdc>] __kmalloc+0x27c/0x41c
[<0000000071c0fbf8>] nvmem_cell_read+0x40/0xe0
[<00000000e803ef1f>] qusb2_phy_init+0x258/0x5bc
[<00000000fc81fcfa>] phy_init+0x70/0x110
[<00000000e3d48a57>] dwc3_core_soft_reset+0x4c/0x234
[<0000000027d1dbd4>] dwc3_core_init+0x68/0x990
[<000000001965faf9>] dwc3_probe+0x4f4/0x730
[<000000002f7617ca>] platform_probe+0x74/0xf0
[<00000000a2576cac>] really_probe+0xc4/0x470
[<00000000bc77f2c5>] __driver_probe_device+0x11c/0x190
[<00000000130db71f>] driver_probe_device+0x48/0x110
[<0000000019f36c2b>] __device_attach_driver+0xa4/0x140
[<00000000e5812ff7>] bus_for_each_drv+0x84/0xe0
[<00000000f4bac574>] __device_attach+0xe4/0x1c0
[<00000000d3beb631>] device_initial_probe+0x20/0x30
[<000000008019b9db>] bus_probe_device+0xa4/0xb0
Fixes: ca04d9d3e1b1 ("phy: qcom-qusb2: New driver for QUSB2 PHY on Qcom chips")
Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
---
Changes from v1 to v2:
* fixed a memory leak in case of reading a zero value and return,
* corrected the fixed commit, the memory leak is present before a rename.Should have read your two replies in opposite order and missed your reason for not going to the newer API and the fact that v1 still leaks the memory if the read value is 0. So, this looks good and as you said, we should follow up with a cleanup by replacing the nvmem_cell_read(). Reviewed-by: Bjorn Andersson <redacted> Thanks, Bjorn
quoted hunk ↗ jump to hunk
drivers/phy/qualcomm/phy-qcom-qusb2.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-)diff --git a/drivers/phy/qualcomm/phy-qcom-qusb2.c b/drivers/phy/qualcomm/phy-qcom-qusb2.c index 3c1d3b71c825..f1d97fbd1331 100644 --- a/drivers/phy/qualcomm/phy-qcom-qusb2.c +++ b/drivers/phy/qualcomm/phy-qcom-qusb2.c@@ -561,7 +561,7 @@ static void qusb2_phy_set_tune2_param(struct qusb2_phy *qphy) { struct device *dev = &qphy->phy->dev; const struct qusb2_phy_cfg *cfg = qphy->cfg; - u8 *val; + u8 *val, hstx_trim; /* efuse register is optional */ if (!qphy->cell)@@ -575,7 +575,13 @@ static void qusb2_phy_set_tune2_param(struct qusb2_phy *qphy) * set while configuring the phy. */ val = nvmem_cell_read(qphy->cell, NULL); - if (IS_ERR(val) || !val[0]) { + if (IS_ERR(val)) { + dev_dbg(dev, "failed to read a valid hs-tx trim value\n"); + return; + } + hstx_trim = val[0]; + kfree(val); + if (!hstx_trim) { dev_dbg(dev, "failed to read a valid hs-tx trim value\n"); return; }@@ -583,12 +589,10 @@ static void qusb2_phy_set_tune2_param(struct qusb2_phy *qphy) /* Fused TUNE1/2 value is the higher nibble only */ if (cfg->update_tune1_with_efuse) qusb2_write_mask(qphy->base, cfg->regs[QUSB2PHY_PORT_TUNE1], - val[0] << HSTX_TRIM_SHIFT, - HSTX_TRIM_MASK); + hstx_trim << HSTX_TRIM_SHIFT, HSTX_TRIM_MASK); else qusb2_write_mask(qphy->base, cfg->regs[QUSB2PHY_PORT_TUNE2], - val[0] << HSTX_TRIM_SHIFT, - HSTX_TRIM_MASK); + hstx_trim << HSTX_TRIM_SHIFT, HSTX_TRIM_MASK); } static int qusb2_phy_set_mode(struct phy *phy,-- 2.33.0
-- linux-phy mailing list linux-phy@lists.infradead.org https://lists.infradead.org/mailman/listinfo/linux-phy