Hi,
On 2022/10/21 5:21, Jerry Snitselaar wrote:
On Thu, Oct 20, 2022 at 02:38:30PM +0800, Yang Yingliang wrote:
Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
if device_register() fails, it should call put_device() to give up
reference, the name can be freed in callback function kobject_cleanup().
Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
---
drivers/dma/dmaengine.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c
index c741b6431958..46adfec04f0c 100644
--- a/drivers/dma/dmaengine.c
+++ b/drivers/dma/dmaengine.c
@@ -1068,8 +1068,11 @@ static int __dma_async_device_channel_register(struct dma_device *device,
dev_set_name(&chan->dev->device, "dma%dchan%d",
device->dev_id, chan->chan_id);
rc = device_register(&chan->dev->device);
- if (rc)
+ if (rc) {
+ put_device(&chan->dev->device);
+ chan->dev = NULL;
Doesn't this leak the memory that was just grabbed with the kzalloc() call at
the beginning of __dma_async_device_channel_register() since now kfree() is
going to passed NULL?
After calling put_device(), chan_dev_release() will be called when
refcount hit to 0,
'chan->dev' is freed in it, so set chan->dev to NULL to avoid double free.
Thanks,
Yang
Regards,
Jerry
goto err_out_ida;
+ }
chan->client_count = 0;
device->chancnt++;
--
2.25.1
.
