All of lore.kernel.org
 help / color / mirror / Atom feed
From: Anel Orazgaliyeva <anelkz@amazon.de>
To: "Rafael J. Wysocki" <rafael@kernel.org>
Cc: Aman Priyadarshi <apeureka@amazon.de>,
	Daniel Lezcano <daniel.lezcano@linaro.org>,
	<linux-pm@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] cpuidle: Fix memory leaks
Date: Wed, 15 Sep 2021 15:44:41 +0000	[thread overview]
Message-ID: <20210915154440.GA34487@dev-dsk-anelkz-1b-031e727b.eu-west-1.amazon.com> (raw)
In-Reply-To: <CAJZ5v0ghTGx_1Y5R07pJ9CkTxrMjs=nj2UefeJn6Yh5ud2uP2A@mail.gmail.com>

> On Wed, Sep 15, 2021 at 02:14:56PM +0200, Rafael J. Wysocki wrote:
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
> 
> 
> 
> On Mon, Sep 6, 2021 at 8:35 PM Anel Orazgaliyeva <anelkz@amazon.de> wrote:
> >
> > Commit c343bf1ba5ef ("cpuidle: Fix three reference count leaks")
> > fixes the cleanup of kobjects; however, it removes kfree() calls
> > altogether, leading to memory leaks.
> 
> Wait, won't the cleanup be done by cpuidle_free_state_kobj()?

For state cleanup, cpuidle_free_state_kobj() is called on the all the previously created kobjs:

error_state:
        for (i = i - 1; i >= 0; i--)
                cpuidle_free_state_kobj(device, i);

so we still need to cleanup the kobj created in the current iteration.


For overall sysfs, the flow is as follows:

cpuidle_register_device
     ret = cpuidle_add_sysfs(dev);
    if (ret)
        goto out_unregister;

out_unregister:
    __cpuidle_unregister_device(dev);
   goto out_unlock;

so when there is an error in cpuidle_add_sysfs() dev doesn’t get freed.

> 
> > Fix those and also defer the initialization of dev->kobj_dev until
> > after the error check, so that we do not end up with a dangling
> > pointer.
> >
> > Signed-off-by: Anel Orazgaliyeva <anelkz@amazon.de>
> > Suggested-by: Aman Priyadarshi <apeureka@amazon.de>
> > ---
> >  drivers/cpuidle/sysfs.c | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c
> > index 53ec9585ccd4..469e18547d06 100644
> > --- a/drivers/cpuidle/sysfs.c
> > +++ b/drivers/cpuidle/sysfs.c
> > @@ -488,6 +488,7 @@ static int cpuidle_add_state_sysfs(struct cpuidle_device *device)
> >                                            &kdev->kobj, "state%d", i);
> >                 if (ret) {
> >                         kobject_put(&kobj->kobj);
> > +                       kfree(kobj);
> >                         goto error_state;
> >                 }
> >                 cpuidle_add_s2idle_attr_group(kobj);
> > @@ -619,6 +620,7 @@ static int cpuidle_add_driver_sysfs(struct cpuidle_device *dev)
> >                                    &kdev->kobj, "driver");
> >         if (ret) {
> >                 kobject_put(&kdrv->kobj);
> > +               kfree(kdrv);
> >                 return ret;
> >         }
> >
> > @@ -705,7 +707,6 @@ int cpuidle_add_sysfs(struct cpuidle_device *dev)
> >         if (!kdev)
> >                 return -ENOMEM;
> >         kdev->dev = dev;
> > -       dev->kobj_dev = kdev;
> >
> >         init_completion(&kdev->kobj_unregister);
> >
> > @@ -713,9 +714,11 @@ int cpuidle_add_sysfs(struct cpuidle_device *dev)
> >                                    "cpuidle");
> >         if (error) {
> >                 kobject_put(&kdev->kobj);
> > +               kfree(kdev);
> >                 return error;
> >         }
> >
> > +       dev->kobj_dev = kdev;
> >         kobject_uevent(&kdev->kobj, KOBJ_ADD);
> >
> >         return 0;
> > --
> > 2.32.0
> >
> >
> >
> >
> > Amazon Development Center Germany GmbH
> > Krausenstr. 38
> > 10117 Berlin
> > Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
> > Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
> > Sitz: Berlin
> > Ust-ID: DE 289 237 879

On Wed, Sep 15, 2021 at 02:14:56PM +0200, Rafael J. Wysocki wrote:
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
> 
> 
> 
> On Mon, Sep 6, 2021 at 8:35 PM Anel Orazgaliyeva <anelkz@amazon.de> wrote:
> >
> > Commit c343bf1ba5ef ("cpuidle: Fix three reference count leaks")
> > fixes the cleanup of kobjects; however, it removes kfree() calls
> > altogether, leading to memory leaks.
> 
> Wait, won't the cleanup be done by cpuidle_free_state_kobj()?
> 
> > Fix those and also defer the initialization of dev->kobj_dev until
> > after the error check, so that we do not end up with a dangling
> > pointer.
> >
> > Signed-off-by: Anel Orazgaliyeva <anelkz@amazon.de>
> > Suggested-by: Aman Priyadarshi <apeureka@amazon.de>
> > ---
> >  drivers/cpuidle/sysfs.c | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c
> > index 53ec9585ccd4..469e18547d06 100644
> > --- a/drivers/cpuidle/sysfs.c
> > +++ b/drivers/cpuidle/sysfs.c
> > @@ -488,6 +488,7 @@ static int cpuidle_add_state_sysfs(struct cpuidle_device *device)
> >                                            &kdev->kobj, "state%d", i);
> >                 if (ret) {
> >                         kobject_put(&kobj->kobj);
> > +                       kfree(kobj);
> >                         goto error_state;
> >                 }
> >                 cpuidle_add_s2idle_attr_group(kobj);
> > @@ -619,6 +620,7 @@ static int cpuidle_add_driver_sysfs(struct cpuidle_device *dev)
> >                                    &kdev->kobj, "driver");
> >         if (ret) {
> >                 kobject_put(&kdrv->kobj);
> > +               kfree(kdrv);
> >                 return ret;
> >         }
> >
> > @@ -705,7 +707,6 @@ int cpuidle_add_sysfs(struct cpuidle_device *dev)
> >         if (!kdev)
> >                 return -ENOMEM;
> >         kdev->dev = dev;
> > -       dev->kobj_dev = kdev;
> >
> >         init_completion(&kdev->kobj_unregister);
> >
> > @@ -713,9 +714,11 @@ int cpuidle_add_sysfs(struct cpuidle_device *dev)
> >                                    "cpuidle");
> >         if (error) {
> >                 kobject_put(&kdev->kobj);
> > +               kfree(kdev);
> >                 return error;
> >         }
> >
> > +       dev->kobj_dev = kdev;
> >         kobject_uevent(&kdev->kobj, KOBJ_ADD);
> >
> >         return 0;
> > --
> > 2.32.0
> >
> >
> >
> >
> > Amazon Development Center Germany GmbH
> > Krausenstr. 38
> > 10117 Berlin
> > Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
> > Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
> > Sitz: Berlin
> > Ust-ID: DE 289 237 879
> >
> >
> >



Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879



  reply	other threads:[~2021-09-15 15:45 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-06 18:34 [PATCH] cpuidle: Fix memory leaks Anel Orazgaliyeva
2021-09-15 12:14 ` Rafael J. Wysocki
2021-09-15 15:44   ` Anel Orazgaliyeva [this message]
2021-10-01 18:45     ` Rafael J. Wysocki

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210915154440.GA34487@dev-dsk-anelkz-1b-031e727b.eu-west-1.amazon.com \
    --to=anelkz@amazon.de \
    --cc=apeureka@amazon.de \
    --cc=daniel.lezcano@linaro.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pm@vger.kernel.org \
    --cc=rafael@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.