On Tue, Jun 06, 2023 at 04:37:49PM +0300, Tony Lindgren wrote: > * Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> [230606 13:16]: > > On Tue, Jun 06, 2023 at 11:26:25AM +0300, Dan Carpenter wrote: > > > The put_device() function will call serial_base_ctrl_release() or > > > serial_base_port_release() so these kfrees() are a double free bug. ... > > These labels are also called without device being even added. > > So, this is not good enough as far as I can tell. > > I guess you mean the possibe error returned from the call to > serial_base_device_init()? > > If serial_base_device_init() fails, we return error and end up doing > the put_device(). > > We have serial_base_device_init() call device_initialize(), is that > not enough for put_device()? It's not. The error is returned when device release callback is not assigned yet. And also just noticed since we return deferred probe, the message there should be ratelimited or given only _once(). -- With Best Regards, Andy Shevchenko
