[PATCH 2/2] iommu: fix smmu initialization memory leak problem

Robin Murphy robin.murphy at arm.com
Fri Nov 18 03:54:15 PST 2022


On 2022-11-18 09:28, liulongfang wrote:
> On 2022/11/15 2:08, Will Deacon Wrote:
>> On Fri, Oct 21, 2022 at 11:51:47AM +0800, Longfang Liu wrote:
>>> When iommu_device_register() in arm_smmu_device_probe() fails,
>>> in addition to sysfs needs to be deleted, device should also
>>> be disabled, and the memory of iopf needs to be released to
>>> prevent memory leak of iopf.
>>>
>>> Signed-off-by: Longfang Liu <liulongfang at huawei.com>
>>> ---
>>>   drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 9 +++++++--
>>>   1 file changed, 7 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>> index a1db07bed6a9..c70defb0c866 100644
>>> --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>> +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>> @@ -3816,11 +3816,16 @@ static int arm_smmu_device_probe(struct platform_device *pdev)
>>>   	ret = iommu_device_register(&smmu->iommu, &arm_smmu_ops, dev);
>>>   	if (ret) {
>>>   		dev_err(dev, "Failed to register iommu\n");
>>> -		iommu_device_sysfs_remove(&smmu->iommu);
>>> -		return ret;
>>> +		goto err_sysfs_remove;
>>>   	}
>>>   
>>>   	return 0;
>>> +
>>> +err_sysfs_remove:
>>> +	iommu_device_sysfs_remove(&smmu->iommu);
>>> +	arm_smmu_device_disable(smmu);
>>> +	iopf_queue_free(smmu->evtq.iopf);
>>> +	return ret;
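Review bot: the new err_sysfs_remove label is entered only from the iommu_device_register() failure branch, so the iopf_queue_free() it adds runs for that one exit and for no other failing return in arm_smmu_device_probe(). If an earlier step can fail once the queue exists, it needs to jump to an unwind label too, ideally staged labels so each exit undoes only what has already been set up. The label name should then say more than "sysfs remove", since it now also disables the device and frees the queue.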
>>
>> Doesn't this miss the cases where iommu_device_sysfs_add() or
>> arm_smmu_device_reset() fail?
>>
>> We'd probably be better off using something like devres_alloc() to track
>> the iopf queue here.
>>
> This is actually not a problem found by the test, but a problem found
> by the code logic analysis. When an error exits, the memory allocated
> by the iopf queue is not released during the entire exit process.

Sure, but the point is that there are at least 5 points of failure after 
iopf_queue_alloc() succeeds, which could result in an early exit from 
probe. This patch only affects the last one of those, so the theoretical 
problem it claims to fix still exists just as much as before.

Robin.
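
An added userspace model of the argument above, not code from the patch or from the driver: it injects a failure at each step that follows the allocation and counts how many failed probes leave the queue allocated. NSTEPS, step(), probe() and leaking_exits() are hypothetical names, and the five steps are a constructed stand-in for the failure points mentioned in the reply.

```c
#include <stdio.h>
#include <stdlib.h>

#define NSTEPS 5        /* failure points after the queue allocation */
static void *queue;     /* stands in for smmu->evtq.iopf */

/* Constructed fault injection: step i fails when i == fail_at. */
static int step(int i, int fail_at) { return i == fail_at ? -1 : 0; }

/* unwind_all == 0: patch shape, only the last step's failure is unwound.
 * unwind_all == 1: every failure after the allocation takes the label. */
static int probe(int fail_at, int unwind_all)
{
    int i, ret = 0;

    queue = malloc(64);
    if (!queue)
        return -1;
    for (i = 0; i < NSTEPS; i++) {
        ret = step(i, fail_at);
        if (ret && (unwind_all || i == NSTEPS - 1))
            goto err_free;
        if (ret)
            return ret; /* early exit, queue still allocated */
    }
    return 0;
err_free:
    free(queue);
    queue = NULL;
    return ret;
}

/* Fail each step in turn; count failed probes that left the queue allocated. */
static int leaking_exits(int unwind_all)
{
    int fail_at, leaks = 0;
    for (fail_at = 0; fail_at < NSTEPS; fail_at++) {
        if (probe(fail_at, unwind_all) != 0 && queue != NULL)
            leaks++;
        free(queue);    /* harness cleanup between runs */
        queue = NULL;
    }
    return leaks;
}

int main(void)
{
    printf("leaks: %d vs %d\n", leaking_exits(0), leaking_exits(1));
    return 0;
}
```

With the cleanup reachable only from the last step, four of the five injected failures still leak; routing every failure through the unwind label brings that to zero.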


