[PATCH 2/2] iommu: fix smmu initialization memory leak problem

Sun Nov 20 18:09:26 PST 2022

On 2022/11/18 19:54, Robin Murphy wrote:
> On 2022-11-18 09:28, liulongfang wrote:
>> On 2022/11/15 2:08, Will Deacon Wrote:
>>> On Fri, Oct 21, 2022 at 11:51:47AM +0800, Longfang Liu wrote:
>>>> When iommu_device_register() in arm_smmu_device_probe() fails,
>>>> in addition to sysfs needs to be deleted, device should also
>>>> be disabled, and the memory of iopf needs to be released to
>>>> prevent memory leak of iopf.
>>>>
>>>> Signed-off-by: Longfang Liu <liulongfang at huawei.com>
>>>> ---
>>>>   drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 9 +++++++--
>>>>   1 file changed, 7 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>>> index a1db07bed6a9..c70defb0c866 100644
>>>> --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>>> +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
>>>> @@ -3816,11 +3816,16 @@ static int arm_smmu_device_probe(struct platform_device *pdev)
>>>>       ret = iommu_device_register(&smmu->iommu, &arm_smmu_ops, dev);
>>>>       if (ret) {
>>>>           dev_err(dev, "Failed to register iommu\n");
>>>> -        iommu_device_sysfs_remove(&smmu->iommu);
>>>> -        return ret;
>>>> +        goto err_sysfs_remove;
>>>>       }
>>>>         return 0;
>>>> +
>>>> +err_sysfs_remove:
>>>> +    iommu_device_sysfs_remove(&smmu->iommu);
>>>> +    arm_smmu_device_disable(smmu);
>>>> +    iopf_queue_free(smmu->evtq.iopf);
>>>> +    return ret;
>>>
>>> Doesn't this miss the cases where iommu_device_sysfs_add() or
>>> arm_smmu_device_reset() fail?
>>>
>>> We'd probably be better off using something like devres_alloc() to track
>>> the iopf queue here.
>>>
>> This is actually not a problem found by the test, but a problem found
>> by the code logic analysis. When an error exits, the memory allocated
>> by the iopf queue is not released during the entire exit process.
> 
> Sure, but the point is that there are at least 5 points of failure after iopf_queue_alloc() succeeds, 

OK! Let me change this patch and modify the abnormal exit part related to iopf_queue_alloc() in probe()

Thanks,
Longfang.

which could result in an early exit from probe. This patch only affects the last one of those, so the theoretical problem it claims to fix still exists just as much as before.
> 
> Robin.
> 
> .
> 