Hi,
在 2024/08/16 18:32, Damien Le Moal 写道:
On 8/16/24 15:42, Yu Kuai wrote:
在 2024/08/16 11:58, Zheng Qixing 写道:
In ata_host_alloc(), if ata_port_alloc(host) fails to allocate memory
for a port, the allocated 'host' structure is not freed before returning
from the function. This results in a potential memory leak.
This patch adds a kfree(host) before the error handling code is executed
to ensure that the 'host' structure is properly freed in case of an
allocation failure.
Signed-off-by: Zheng Qixing <zhengqixing@xxxxxxxxxx>
I did not receive this patch and I do not see it on the list either. Something
went wrong...
Can you resend please ? Thanks.
---
drivers/ata/libata-core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
index e4023fc288ac..f27a18990c38 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -5663,8 +5663,10 @@ struct ata_host *ata_host_alloc(struct device *dev, int n_ports)
}
dr = devres_alloc(ata_devres_release, 0, GFP_KERNEL);
- if (!dr)
+ if (!dr) {
+ kfree(host);
goto err_out;
+ }
Looks correct, dev_set_drvdata(dev, host) is not called yet.
ata_devres_release won't free host in this case.
I'll suggest to return NULL directly here, and then the 'err_out'
tag can be removed as well.
I do not think so. Since devres_open_group() was called, need to call either
devres_remove_group() or devres_release_group().
Yes, you're right.
Thanks,
Kuai
Anyway, with or without the cleanup:
Reviewed-by: Yu Kuai <yukuai3@xxxxxxxxxx>>
Thanks!
devres_add(dev, dr);
dev_set_drvdata(dev, host);
