In the error path of vmbus_device_register(), device_unregister() is
called, hv_device has already been freed in vmbus_device_release(),
remove the kfree() in vmbus_add_channel_work() to avoid double free.
Fixes: c2e5df616e1a ("vmbus: add per-channel sysfs info")
Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
---
drivers/hv/channel_mgmt.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
index 5b120402d405..576ebaf729a8 100644
--- a/drivers/hv/channel_mgmt.c
+++ b/drivers/hv/channel_mgmt.c
@@ -533,13 +533,15 @@ static void vmbus_add_channel_work(struct work_struct *work)
* Add the new device to the bus. This will kick off device-driver
* binding which eventually invokes the device driver's AddDevice()
* method.
+ * If vmbus_device_register() fails, the 'device_obj' will be freed
+ * in vmbus_device_release() in vmbus_device_register(). In the outside
+ * error path, it's no need to free it.
*/
ret = vmbus_device_register(newchannel->device_obj);
if (ret != 0) {
pr_err("unable to add child device object (relid %d)\n",
newchannel->offermsg.child_relid);
- kfree(newchannel->device_obj);
goto err_deq_chan;
}
--
2.25.1
