From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF982CA9EA0 for ; Tue, 22 Oct 2019 18:51:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B633D21872 for ; Tue, 22 Oct 2019 18:51:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1571770311; bh=JLKY4p3jHs9fqd4jxmjrvPPbmVC1gbK3HhHdLaqS7us=; h=In-Reply-To:References:To:From:Cc:Subject:Date:List-ID:From; b=cbnO/iF2YlZ6bOYtv/4SlxJQRwIMz8JfNxMcYDzz9k5qoaYJQ5KT3ZVKqa1hULOKQ zpWm3AO5Qx/q2ItYZ+PFmvUNfh9ZSrOJYkFQWneE/Va7An0LzinvOEu/YoBS8QajQx +NaA3Npmr2zX9A1BhMDDsGa/fWka0Ba2EV0dg5Do= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732753AbfJVSvv (ORCPT ); Tue, 22 Oct 2019 14:51:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:39222 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732322AbfJVSvv (ORCPT ); Tue, 22 Oct 2019 14:51:51 -0400 Received: from kernel.org (unknown [104.132.0.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9B09B20B7C; Tue, 22 Oct 2019 18:51:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1571770310; bh=JLKY4p3jHs9fqd4jxmjrvPPbmVC1gbK3HhHdLaqS7us=; h=In-Reply-To:References:To:From:Cc:Subject:Date:From; b=LcUNPao93iqN1tG14CLpe1QxgcGEB4ySV+YwReDsToMIPy39TaU2mnTaoM4f/eOnM 2I1hb9GB05J4u2Ty11jYwWrtPI4ERZWcaB3X3eu2c0CZDj6rsakZHc9qLeQBfyj0CT cbhTLUNjpXYjMo8gouX+mI/0E0BzWWaykWSvBRes= Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable In-Reply-To: <20191022071153.21118-1-kishon@ti.com> References: <20191022071153.21118-1-kishon@ti.com> To: Kishon Vijay Abraham I , Michael Turquette From: Stephen Boyd Cc: linux-clk@vger.kernel.org, linux-kernel@vger.kernel.org, Kishon Vijay Abraham I , Tomi Valkeinen , Tero Kristo Subject: Re: [PATCH] clk: Fix memory leak in clk_unregister() User-Agent: alot/0.8.1 Date: Tue, 22 Oct 2019 11:51:49 -0700 Message-Id: <20191022185150.9B09B20B7C@mail.kernel.org> Sender: linux-clk-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-clk@vger.kernel.org Quoting Kishon Vijay Abraham I (2019-10-22 00:11:53) > Memory allocated in alloc_clk() for 'struct clk' and > 'const char *con_id' while invoking clk_register() is never freed > in clk_unregister(), resulting in kmemleak showing the following > backtrace. >=20 > backtrace: > [<00000000546f5dd0>] kmem_cache_alloc+0x18c/0x270 > [<0000000073a32862>] alloc_clk+0x30/0x70 > [<0000000082942480>] __clk_register+0xc8/0x760 > [<000000005c859fca>] devm_clk_register+0x54/0xb0 > [<00000000868834a8>] 0xffff800008c60950 > [<00000000d5a80534>] platform_drv_probe+0x50/0xa0 > [<000000001b3889fc>] really_probe+0x108/0x348 > [<00000000953fa60a>] driver_probe_device+0x58/0x100 > [<0000000008acc17c>] device_driver_attach+0x6c/0x90 > [<0000000022813df3>] __driver_attach+0x84/0xc8 > [<00000000448d5443>] bus_for_each_dev+0x74/0xc8 > [<00000000294aa93f>] driver_attach+0x20/0x28 > [<00000000e5e52626>] bus_add_driver+0x148/0x1f0 > [<000000001de21efc>] driver_register+0x60/0x110 > [<00000000af07c068>] __platform_driver_register+0x40/0x48 > [<0000000060fa80ee>] 0xffff800008c66020 >=20 > Fix it here. Do you have some Fixes tag for this? Looks OK to me, but I wonder if we should also assign hw->clk to NULL after unregister frees it. There are probably other problems around unregistration and reference counting that we haven't found so far so I'm worried this doesn't solve all the problems by just freeing the clk pointer. For example, anything referencing the clk pointer freed here will now start trying to dereference freed memory. For most cases we've replaced struct clk with struct clk_core in the clk framework so I hope this pointer isn't used very much at all. A quick grep shows that it is returned from clk_get_parent() and __clk_lookup(). We really need to kill off __clk_lookup() and replace it with something else, and clk_get_parent() needs to generate a different clk and have callers call clk_put() on the returned pointer. Long story short I think this is OK!