On Tue, 2018-09-25 at 12:15 -0600, Logan Gunthorpe wrote:
> On 2018-09-25 11:29 a.m., Bart Van Assche wrote:
> > On Tue, 2018-09-25 at 10:22 -0600, Logan Gunthorpe wrote:
> > > @@ -83,9 +132,14 @@ static int pci_p2pdma_setup(struct pci_dev *pdev)
> > >
> > >  	pdev->p2pdma = p2p;
> > >
> > > +	error = sysfs_create_group(&pdev->dev.kobj, &p2pmem_group);
> > > +	if (error)
> > > +		goto out_pool_destroy;
> > > +
> > >  	return 0;
> > >
> > >  out_pool_destroy:
> > > +	pdev->p2pdma = NULL;
> > >  	gen_pool_destroy(p2p->pool);
> > >  out:
> > >  	devm_kfree(&pdev->dev, p2p);
> >
> > This doesn't look right to me. Shouldn't devm_remove_action() be called instead
> > of devm_kfree() if sysfs_create_group() fails?
>
> That makes no sense to me. We are reversing a devm_kzalloc() not a
> custom action....

In case what I wrote was not clear: both devm_kzalloc() and devm_add_action_or_reset()
have to be reversed if sysfs_create_group() fails. devm_add_action_or_reset() calls
devres_add(). The latter function adds an element to the dev->devres_head list. So I think
that only calling devm_kfree() if sysfs_create_group() fails will lead to corruption of the
dev->devres_head list.

Bart.
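
Review bot: the new sysfs_create_group() failure path in pci_p2pdma_setup() jumps to out_pool_destroy and then falls through to devm_kfree(&pdev->dev, p2p), but nothing in the visible lines undoes the devm_add_action_or_reset() registration that the replies refer to. If that action is registered before this point, either remove it on this path with devm_remove_action() before freeing p2p, or add a comment at out_pool_destroy explaining why leaving it registered is safe once pdev->p2pdma has been set to NULL, so a later reader can confirm the callback never touches the freed p2p or the destroyed pool.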