This is a note to let you know that I've just added the patch titled
fpga: m10bmc-sec: Fix possible memory leak of flash_buf
to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch.
The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the next -rc kernel release.
If you have any questions about this process, please let me know.
From 468c9d928a8f38fdfaa61b05e81473cc7c8a6461 Mon Sep 17 00:00:00 2001 From: Russ Weight russell.h.weight@intel.com Date: Fri, 16 Sep 2022 16:52:05 -0700 Subject: fpga: m10bmc-sec: Fix possible memory leak of flash_buf
There is an error check following the allocation of flash_buf that returns without freeing flash_buf. It makes more sense to do the error check before the allocation and the reordering eliminates the memory leak.
Reported-by: kernel test robot lkp@intel.com Reported-by: Dan Carpenter dan.carpenter@oracle.com Fixes: 154afa5c31cd ("fpga: m10bmc-sec: expose max10 flash update count") Signed-off-by: Russ Weight russell.h.weight@intel.com Reviewed-by: Tom Rix trix@redhat.com Acked-by: Xu Yilun yilun.xu@intel.com Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20220916235205.106873-1-russell.h.weight@intel.com Signed-off-by: Xu Yilun yilun.xu@intel.com --- drivers/fpga/intel-m10-bmc-sec-update.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/fpga/intel-m10-bmc-sec-update.c b/drivers/fpga/intel-m10-bmc-sec-update.c index 72c677c910de..133e511355c9 100644 --- a/drivers/fpga/intel-m10-bmc-sec-update.c +++ b/drivers/fpga/intel-m10-bmc-sec-update.c @@ -148,10 +148,6 @@ static ssize_t flash_count_show(struct device *dev, stride = regmap_get_reg_stride(sec->m10bmc->regmap); num_bits = FLASH_COUNT_SIZE * 8;
- flash_buf = kmalloc(FLASH_COUNT_SIZE, GFP_KERNEL); - if (!flash_buf) - return -ENOMEM; - if (FLASH_COUNT_SIZE % stride) { dev_err(sec->dev, "FLASH_COUNT_SIZE (0x%x) not aligned to stride (0x%x)\n", @@ -160,6 +156,10 @@ static ssize_t flash_count_show(struct device *dev, return -EINVAL; }
+ flash_buf = kmalloc(FLASH_COUNT_SIZE, GFP_KERNEL); + if (!flash_buf) + return -ENOMEM; + ret = regmap_bulk_read(sec->m10bmc->regmap, STAGING_FLASH_COUNT, flash_buf, FLASH_COUNT_SIZE / stride); if (ret) {