Re: [PATCH] serial: core: don't kfree device managed data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 06, 2023 at 04:37:49PM +0300, Tony Lindgren wrote:
> * Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> [230606 13:16]:
> > On Tue, Jun 06, 2023 at 11:26:25AM +0300, Dan Carpenter wrote:
> > > The put_device() function will call serial_base_ctrl_release() or
> > > serial_base_port_release() so these kfrees() are a double free bug.

...

> > These labels are also called without device being even added.
> > So, this is not good enough as far as I can tell.
> 
> I guess you mean the possibe error returned from the call to
> serial_base_device_init()?
> 
> If serial_base_device_init() fails, we return error and end up doing
> the put_device().
> 
> We have serial_base_device_init() call device_initialize(), is that
> not enough for put_device()?

It's not. The error is returned when device release callback is not assigned
yet.

And also just noticed since we return deferred probe, the message there should
be ratelimited or given only _once().

-- 
With Best Regards,
Andy Shevchenko





[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux PPP]     [Linux FS]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Linmodem]     [Device Mapper]     [Linux Kernel for ARM]

  Powered by Linux