Hi,

url:    https://github.com/0day-ci/linux/commits/frowand-list-gmail-com/of-unittest-overlay-ensure-proper-alignment-of-copied-FDT/20210408-045317 
base:   https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git  for-next
config: i386-randconfig-m021-20210407 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
drivers/of/overlay.c:1045 of_overlay_fdt_apply() warn: overwrite may leak 'new_fdt'

vim +/new_fdt +1045 drivers/of/overlay.c

39a751a4cb7e47 Frank Rowand      2018-02-12  1015  int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
39a751a4cb7e47 Frank Rowand      2018-02-12  1016  			 int *ovcs_id)
39a751a4cb7e47 Frank Rowand      2018-02-12  1017  {
7a18fbf9013a19 Frank Rowand      2021-04-07  1018  	void *new_fdt;
39a751a4cb7e47 Frank Rowand      2018-02-12  1019  	int ret;
39a751a4cb7e47 Frank Rowand      2018-02-12  1020  	u32 size;
39a751a4cb7e47 Frank Rowand      2018-02-12  1021  	struct device_node *overlay_root;
39a751a4cb7e47 Frank Rowand      2018-02-12  1022  
39a751a4cb7e47 Frank Rowand      2018-02-12  1023  	*ovcs_id = 0;
39a751a4cb7e47 Frank Rowand      2018-02-12  1024  	ret = 0;
39a751a4cb7e47 Frank Rowand      2018-02-12  1025  
39a751a4cb7e47 Frank Rowand      2018-02-12  1026  	if (overlay_fdt_size < sizeof(struct fdt_header) ||
39a751a4cb7e47 Frank Rowand      2018-02-12  1027  	    fdt_check_header(overlay_fdt)) {
39a751a4cb7e47 Frank Rowand      2018-02-12  1028  		pr_err("Invalid overlay_fdt header\n");
39a751a4cb7e47 Frank Rowand      2018-02-12  1029  		return -EINVAL;
39a751a4cb7e47 Frank Rowand      2018-02-12  1030  	}
39a751a4cb7e47 Frank Rowand      2018-02-12  1031  
39a751a4cb7e47 Frank Rowand      2018-02-12  1032  	size = fdt_totalsize(overlay_fdt);
39a751a4cb7e47 Frank Rowand      2018-02-12  1033  	if (overlay_fdt_size < size)
39a751a4cb7e47 Frank Rowand      2018-02-12  1034  		return -EINVAL;
39a751a4cb7e47 Frank Rowand      2018-02-12  1035  
39a751a4cb7e47 Frank Rowand      2018-02-12  1036  	/*
39a751a4cb7e47 Frank Rowand      2018-02-12  1037  	 * Must create permanent copy of FDT because of_fdt_unflatten_tree()
39a751a4cb7e47 Frank Rowand      2018-02-12  1038  	 * will create pointers to the passed in FDT in the unflattened tree.
39a751a4cb7e47 Frank Rowand      2018-02-12  1039  	 */
7a18fbf9013a19 Frank Rowand      2021-04-07  1040  	size += FDT_ALIGN_SIZE;
7a18fbf9013a19 Frank Rowand      2021-04-07  1041  	new_fdt = kmalloc(size, GFP_KERNEL);
39a751a4cb7e47 Frank Rowand      2018-02-12  1042  	if (!new_fdt)
39a751a4cb7e47 Frank Rowand      2018-02-12  1043  		return -ENOMEM;
39a751a4cb7e47 Frank Rowand      2018-02-12  1044  
7a18fbf9013a19 Frank Rowand      2021-04-07 @1045  	new_fdt = PTR_ALIGN(new_fdt, FDT_ALIGN_SIZE);
                                                        ^^^^^^^
We're not freeing the exact same pointer that we allocated.

7a18fbf9013a19 Frank Rowand      2021-04-07  1046  	memcpy(new_fdt, overlay_fdt, size);
7a18fbf9013a19 Frank Rowand      2021-04-07  1047  
39a751a4cb7e47 Frank Rowand      2018-02-12  1048  	of_fdt_unflatten_tree(new_fdt, NULL, &overlay_root);
39a751a4cb7e47 Frank Rowand      2018-02-12  1049  	if (!overlay_root) {
39a751a4cb7e47 Frank Rowand      2018-02-12  1050  		pr_err("unable to unflatten overlay_fdt\n");
39a751a4cb7e47 Frank Rowand      2018-02-12  1051  		ret = -EINVAL;
39a751a4cb7e47 Frank Rowand      2018-02-12  1052  		goto out_free_new_fdt;
39a751a4cb7e47 Frank Rowand      2018-02-12  1053  	}
39a751a4cb7e47 Frank Rowand      2018-02-12  1054  
39a751a4cb7e47 Frank Rowand      2018-02-12  1055  	ret = of_overlay_apply(new_fdt, overlay_root, ovcs_id);
39a751a4cb7e47 Frank Rowand      2018-02-12  1056  	if (ret < 0) {
39a751a4cb7e47 Frank Rowand      2018-02-12  1057  		/*
39a751a4cb7e47 Frank Rowand      2018-02-12  1058  		 * new_fdt and overlay_root now belong to the overlay
39a751a4cb7e47 Frank Rowand      2018-02-12  1059  		 * changeset.
39a751a4cb7e47 Frank Rowand      2018-02-12  1060  		 * overlay changeset code is responsible for freeing them.
39a751a4cb7e47 Frank Rowand      2018-02-12  1061  		 */
39a751a4cb7e47 Frank Rowand      2018-02-12  1062  		goto out;
39a751a4cb7e47 Frank Rowand      2018-02-12  1063  	}
39a751a4cb7e47 Frank Rowand      2018-02-12  1064  
39a751a4cb7e47 Frank Rowand      2018-02-12  1065  	return 0;
39a751a4cb7e47 Frank Rowand      2018-02-12  1066  
39a751a4cb7e47 Frank Rowand      2018-02-12  1067  
39a751a4cb7e47 Frank Rowand      2018-02-12  1068  out_free_new_fdt:
39a751a4cb7e47 Frank Rowand      2018-02-12  1069  	kfree(new_fdt);
39a751a4cb7e47 Frank Rowand      2018-02-12  1070  
39a751a4cb7e47 Frank Rowand      2018-02-12  1071  out:
39a751a4cb7e47 Frank Rowand      2018-02-12  1072  	return ret;
39a751a4cb7e47 Frank Rowand      2018-02-12  1073  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org