Re: [PATCH] RDMA/rtrs-clt: Fix possible double free in error case

On Thu, Jan 20, 2022 at 3:32 PM Jack Wang <jinpu.wang@xxxxxxxxx> wrote:
>
> Callback function rtrs_clt_dev_release() for put_device()
> calls kfree(clt) to free memory. We shouldn't call kfree(clt) again,
> and we can't use the clt after kfree too.
>
> Fixes: 6a98d71daea1 ("RDMA/rtrs: client: main functionality")
> Reported-by: Miaoqian Lin <linmq006@xxxxxxxxx>
> Signed-off-by: Jack Wang <jinpu.wang@xxxxxxxxx>
> ---
>  drivers/infiniband/ulp/rtrs/rtrs-clt.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/infiniband/ulp/rtrs/rtrs-clt.c b/drivers/infiniband/ulp/rtrs/rtrs-clt.c
> index b159471a8959..fbce9cb87d08 100644
> --- a/drivers/infiniband/ulp/rtrs/rtrs-clt.c
> +++ b/drivers/infiniband/ulp/rtrs/rtrs-clt.c
> @@ -2680,6 +2680,7 @@ static void rtrs_clt_dev_release(struct device *dev)
>         struct rtrs_clt_sess *clt = container_of(dev, struct rtrs_clt_sess,
>                                                  dev);
>
> +       free_percpu(clt->pcpu_path);
>         kfree(clt);
>  }
>
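Review bot: with free_percpu(clt->pcpu_path) now inside rtrs_clt_dev_release(), every final put_device() frees pcpu_path, yet the diffstat (1 insertion, 2 deletions) shows that only the alloc_clt() error path was adjusted to match. If the normal teardown path still calls free_percpu(clt->pcpu_path) before device_unregister(), the release callback will now free it a second time; please check that path and drop the explicit free there in the same patch. A one-line comment on the release function stating that it owns both clt and clt->pcpu_path would make the ownership rule clear to later callers.
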
> @@ -2760,8 +2761,6 @@ static struct rtrs_clt_sess *alloc_clt(const char *sessname, size_t paths_num,
>  err_dev:
>         device_unregister(&clt->dev);
>  err:
> -       free_percpu(clt->pcpu_path);
> -       kfree(clt);

If dev_set_name fails, it would end up not calling the release
function since device_register has not been called yet, hence
pcpu_path, clt won't be freed.

Sending another patch in some time.

>         return ERR_PTR(err);
>  }
>
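Review bot: after this removal the err: label only returns ERR_PTR(err), so any goto err taken before the device is registered leaks both clt and clt->pcpu_path, because the release callback never runs on those paths. err_dev falls through into err, so the two labels cannot share one cleanup as written: either keep the frees for jumps that go straight to err and return right after device_unregister(&clt->dev) in err_dev, or initialise the device earlier (device_initialize()) so that every failure path can end in put_device().
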
> --
> 2.25.1
>


