Re: [RESEND PATCH] cpufreq: unnecesary double free in pcc_cpufreq_do_osc

From: Pekka Enberg
Date: Fri Oct 01 2010 - 00:50:41 EST

Next message: Mike Galbraith: "Re: [PATCH] fix 2.6.32.23 suspend regression caused by commit6f6198a"
Previous message: Robin Holt: "Re: [PATCH V3] fs: allow for more than 2^31 files"
Next in thread: Dave Jones: "Re: [RESEND PATCH] cpufreq: unnecesary double free inpcc_cpufreq_do_osc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Dave,

On 30.9.2010 23.06, Dave Jones wrote:

On Thu, Sep 30, 2010 at 10:59:51PM +0300, Pekka Enberg wrote:
> > +++ b/arch/x86/kernel/cpu/cpufreq/pcc-cpufreq.c
> > @@ -379,6 +379,8 @@ static int __init pcc_cpufreq_do_osc(acpi_handle *handle)
> > if (!(supported& 0x1))
> > return -ENODEV;
> >
> > + return ret;
> > +
> > out_free:
> > kfree(output.pointer);
> > return ret;
>
> Where is the double free here? I can't see it. I do see memory leaks
> happening in error handling paths of pcc_cpufreq_do_osc() which makes
> me think we need something like the attached patch.

I think Dave's patch is correct. There's a kfree(output.pointer) at line 359.
If we fall all the way through without hitting any of the return -ENODEVs,
we end up doing a 2nd kfree in the out_free:

There's a second call to acpi_evaluate_object() which takes "output" as its argument and allocates more memory.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Galbraith: "Re: [PATCH] fix 2.6.32.23 suspend regression caused by commit6f6198a"
Previous message: Robin Holt: "Re: [PATCH V3] fs: allow for more than 2^31 files"
Next in thread: Dave Jones: "Re: [RESEND PATCH] cpufreq: unnecesary double free inpcc_cpufreq_do_osc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]