Hi Bjorn,
On 9/23/21 1:56 AM, Bjorn Andersson wrote:
On Wed 22 Sep 15:16 PDT 2021, Vladimir Zapolskiy wrote:
On success nvmem_cell_read() returns a pointer to a dynamically allocated
buffer, and therefore it shall be freed after usage.
The issue is reported by kmemleak:
# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff3b3803e4b280 (size 128):
comm "kworker/u16:1", pid 107, jiffies 4294892861 (age 94.120s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000007739afdc>] __kmalloc+0x27c/0x41c
[<0000000071c0fbf8>] nvmem_cell_read+0x40/0xe0
[<00000000e803ef1f>] qusb2_phy_init+0x258/0x5bc
[<00000000fc81fcfa>] phy_init+0x70/0x110
[<00000000e3d48a57>] dwc3_core_soft_reset+0x4c/0x234
[<0000000027d1dbd4>] dwc3_core_init+0x68/0x990
[<000000001965faf9>] dwc3_probe+0x4f4/0x730
[<000000002f7617ca>] platform_probe+0x74/0xf0
[<00000000a2576cac>] really_probe+0xc4/0x470
[<00000000bc77f2c5>] __driver_probe_device+0x11c/0x190
[<00000000130db71f>] driver_probe_device+0x48/0x110
[<0000000019f36c2b>] __device_attach_driver+0xa4/0x140
[<00000000e5812ff7>] bus_for_each_drv+0x84/0xe0
[<00000000f4bac574>] __device_attach+0xe4/0x1c0
[<00000000d3beb631>] device_initial_probe+0x20/0x30
[<000000008019b9db>] bus_probe_device+0xa4/0xb0
Fixes: 0b56e9a7e835 ("phy: Group vendor specific phy drivers")
Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@xxxxxxxxxx>
---
drivers/phy/qualcomm/phy-qcom-qusb2.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/phy/qualcomm/phy-qcom-qusb2.c b/drivers/phy/qualcomm/phy-qcom-qusb2.c
index 3c1d3b71c825..061665ba8ef7 100644
--- a/drivers/phy/qualcomm/phy-qcom-qusb2.c
+++ b/drivers/phy/qualcomm/phy-qcom-qusb2.c
@@ -589,6 +589,8 @@ static void qusb2_phy_set_tune2_param(struct qusb2_phy *qphy)
qusb2_write_mask(qphy->base, cfg->regs[QUSB2PHY_PORT_TUNE2],
val[0] << HSTX_TRIM_SHIFT,
HSTX_TRIM_MASK);
+
+ kfree(val);
Nice catch, here's my:
Reviewed-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>
Thank you for the review, however I have just found a still unresolved
memleak when zeroes are returned, so there is v2.
That said, do you think we could replace the nvmem_cell_read() with a
call to nvmem_cell_read_u8() to avoid the need to clean it up instead?
It might be a good idea to do it in a separate change, nvmem_cell_read_u8()
is found in v5.9 and later versions, so its usage prevents a probable
backport to stable branches, because the original problem comes in v4.12.
FWIW the sent fix should be clearly applicable to v4.20 and later versions
only, if it's needed, separate changes are required to cover v4.12-v4.20
range.
--
Best wishes,
Vladimir