[Bug report] Memory leak in scmi_device_create

Catalin Marinas catalin.marinas at arm.com
Thu Mar 6 08:18:38 PST 2025


On Thu, Mar 06, 2025 at 03:47:27PM +0000, Cristian Marussi wrote:
> On Thu, Mar 06, 2025 at 02:36:16PM +0000, Catalin Marinas wrote:
> > This loop in scmi_device_create() looks strange:
> > 
> > 	list_for_each_entry(rdev, phead, node) {
> > 		struct scmi_device *sdev;
> > 
> > 		sdev = __scmi_device_create(np, parent,
> > 					    rdev->id_table->protocol_id,
> > 					    rdev->id_table->name);
> > 		/* Report errors and carry on... */
> > 		if (sdev)
> > 			scmi_dev = sdev;
> > 		else
> > 			pr_err("(%s) Failed to create device for protocol 0x%x (%s)\n",
> > 			       of_node_full_name(parent->of_node),
> > 			       rdev->id_table->protocol_id,
> > 			       rdev->id_table->name);
> > 	}
> > 
> > We can override scmi_dev a few times in the loop and lose the previous
> > sdev allocations. Is this intended?
> 
> Yes...it is weird...but by design I would say :P ...
> 
> ...because this is called to instantiate one single device OR instantiate at
> once all the multiple devices needed for a protocol: in this latter case it
> returns just one of the created devices to signal success or NULL if all the
> devices' creation failed....we don't need to keep the allocated devices' references
> anyway here since on success those devices are now referenced and kept on the
> SCMI bus, so they can be searched/scanned/destroyed from there.

Not sure why the pointer isn't found, device_add() should link it with
the parent. Unless something else fails, the parent is freed and the
linked devices unreachable. I'm not familiar at all with this code, I
just saw kmemleak and thought of replying.

The loop is still weird: scmi_chan_setup() seems to use the pointer to
scmi_device for something more meaningful than a pass/fail check. Also
the overall result is based only on what the last __scmi_device_create()
return value was, irrespective of the previous iterations of the loop.
You do have a pr_err() but no early bailing out of the loop on failure.
I'm curious if there are any SCMI errors in Alice's kernel log.

-- 
Catalin
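The pattern the thread argues about, as an added user-space model that is not part of the mail or of the kernel's SCMI code: a "create several devices, return one" helper whose single return value only signals that at least one creation succeeded, while ownership of every created object rests with the bus it was linked on (the model's `model_bus` stands in for what `device_add()` does in the kernel). All names, structures and the request list below are constructed for illustration; the tear-down at the end shows why the pattern does not leak as long as each created device was actually linked, and the `failed` counter shows the information the lone return pointer cannot carry.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model: not the kernel's scmi_device or scmi_device_create(). */
struct model_dev {
	unsigned int protocol_id;
	char name[16];
	struct model_dev *next;	/* link on the model bus (stands in for device_add) */
};

struct model_bus {
	struct model_dev *head;
	size_t count;
};

/* One requested device, playing the role of an rdev->id_table entry. */
struct model_req {
	unsigned int protocol_id;
	const char *name;
	int fail;		/* constructed: force this entry's creation to fail */
};

struct scenario_result {
	size_t created;		/* devices linked on the bus */
	size_t failed;		/* requests that failed */
	int returned_ok;	/* create call returned a device rather than NULL */
	size_t freed;		/* devices released by the bus tear-down */
};

static struct model_dev *model_device_create_one(struct model_bus *bus,
						 const struct model_req *req)
{
	struct model_dev *dev;

	if (req->fail)
		return NULL;
	dev = calloc(1, sizeof(*dev));
	if (!dev)
		return NULL;
	dev->protocol_id = req->protocol_id;
	snprintf(dev->name, sizeof(dev->name), "%s", req->name);
	/* Linking is what keeps the device reachable once the caller drops
	 * the returned pointer; without it the allocation would leak. */
	dev->next = bus->head;
	bus->head = dev;
	bus->count++;
	return dev;
}

/* Same shape as the quoted loop: carry on after a failure, return one of
 * the successfully created devices, or NULL if none could be created.
 * *nfailed reports how many entries failed. */
static struct model_dev *model_devices_create(struct model_bus *bus,
					      const struct model_req *reqs,
					      size_t n, size_t *nfailed)
{
	struct model_dev *last_ok = NULL;
	size_t i;

	*nfailed = 0;
	for (i = 0; i < n; i++) {
		struct model_dev *dev = model_device_create_one(bus, &reqs[i]);

		if (dev)
			last_ok = dev;
		else
			(*nfailed)++;
	}
	return last_ok;
}

/* Release everything reachable from the bus, including devices the caller
 * never held a pointer to. Returns the number of devices freed. */
static size_t model_bus_destroy(struct model_bus *bus)
{
	size_t freed = 0;

	while (bus->head) {
		struct model_dev *dev = bus->head;

		bus->head = dev->next;
		free(dev);
		freed++;
	}
	bus->count = 0;
	return freed;
}

/* Constructed scenario: three requests, the middle one fails. */
static struct scenario_result run_scenario(void)
{
	static const struct model_req reqs[] = {
		{ 0x10, "base", 0 },
		{ 0x13, "clocks", 1 },
		{ 0x14, "sensors", 0 },
	};
	struct model_bus bus = { NULL, 0 };
	struct scenario_result res = { 0, 0, 0, 0 };
	struct model_dev *dev;

	dev = model_devices_create(&bus, reqs, sizeof(reqs) / sizeof(reqs[0]),
				   &res.failed);
	res.returned_ok = (dev != NULL);
	res.created = bus.count;
	res.freed = model_bus_destroy(&bus);
	return res;
}

int main(void)
{
	struct scenario_result r = run_scenario();

	printf("created %zu, failed %zu, returned %s, freed %zu\n",
	       r.created, r.failed, r.returned_ok ? "device" : "NULL", r.freed);
	return 0;
}
```

In the scenario the call returns a device even though one request failed, and the tear-down frees both created devices through the bus alone. If a created device were never linked (the situation Catalin suspects when the parent goes away), nothing would reach it from the bus and a leak detector such as kmemleak would be the only thing to notice.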