Hi!

> From: Qinglang Miao <miaoqinglang@xxxxxxxxxx>
>
> [ Upstream commit e3e9ced5c93803d5b2ea1942c4bf0192622531d6 ]
>
> kfree(host->card) has been called in put_device so that
> another kfree would cause a double-free bug.

> +++ b/drivers/memstick/core/memstick.c
> @@ -468,7 +468,6 @@ static void memstick_check(struct work_struct *work)
> host->card = card;
> if (device_register(&card->dev)) {
> put_device(&card->dev);
> - kfree(host->card);
> host->card = NULL;
> }

Does the host->card = NULL need to be removed, too (and the following code
refactored)? put_device() needs that pointer to be able to free it, and it
can do so asynchronously.

This will cause crashes; they should be easy to reproduce with
CONFIG_DEBUG_KOBJECT_RELEASE due to the delay in kobject_release() AFAICT.

Best regards,
								Pavel
-- 
http://www.livejournal.com/~pavelmachek
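Review bot: Whether `host->card = NULL;` may stay after `put_device(&card->dev);` in this hunk depends on how the device's release callback locates the card it frees, and neither the hunk nor the commit message shows that. If the release callback recovers the card with `container_of(dev, struct memstick_dev, dev)` (the usual pattern for a struct device embedded in a driver object), it never reads `host->card`, so clearing the host's pointer is correct and in fact needed, because the card is about to be freed and `host->card` would otherwise dangle. The description should state which release callback does the freeing, since "kfree(host->card) has been called in put_device" is imprecise: put_device() only drops a reference, and the kfree happens in the device's release callback, possibly later. For the same reason the local `card` must not be dereferenced after the `put_device()` call either.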