Function devm_kstrdup() returns a NULL pointer if there is no enough memory. The function sram_reserve_regions() defined in file drivers/misc/sram.c will return a negative integer if something goes wrong. However, in function sram_reserve_regions(), when the call to devm_kstrdup() (at line 245) fails, the value of the return variable "ret" may be 0 (see the check of ret at line 236), which indicates success. Maybe it is better to assign "-ENOMEM" to ret when the call to devm_kstrdup() fails. Codes related to this bug are summarised as follows. sram_reserve_regions @@ drivers/misc/sram.c 178 static int sram_reserve_regions(struct sram_dev *sram, struct resource *res) 179 { ... 186 int ret = 0; 187 188 INIT_LIST_HEAD(&reserve_list); 189 190 size = resource_size(res); 191 192 /* 193 * We need an additional block to mark the end of the memory region 194 * after the reserved blocks from the dt are processed. 195 */ 196 nblocks = (np) ? of_get_available_child_count(np) + 1 : 1; 197 rblocks = kzalloc((nblocks) * sizeof(*rblocks), GFP_KERNEL); 198 if (!rblocks) 199 return -ENOMEM; 200 201 block = &rblocks[0]; 202 for_each_available_child_of_node(np, child) { 203 struct resource child_res; ... 234 label = NULL; 235 ret = of_property_read_string(child, "label", &label); 236 if (ret && ret != -EINVAL) { 237 dev_err(sram->dev, 238 "%s has invalid label name\n", 239 child->full_name); 240 goto err_chunks; 241 } 242 if (!label) 243 label = child->name; 244 245 block->label = devm_kstrdup(sram->dev, 246 label, GFP_KERNEL); 247 if (!block->label) 248 goto err_chunks; // insert "ret = -ENOMEM;" before this jump instruction? ... 258 block++; 259 } Thanks very much!
Created attachment 256387 [details] The patch fixes the bug The patch has been merged into the latest version of the Linux kernel. So I will close it.