On Sun, Jan 05, 2025 at 07:11:56PM +0800, Ma Ke wrote:
> Once device_register() failed, we should call put_device() to
> decrement reference count for cleanup. Or it could cause memory leak.
>
> device_register() includes device_add(). As comment of device_add()
> says, 'if device_add() succeeds, you should call device_del() when you
> want to get rid of it. If device_add() has not succeeded, use only
> put_device() to drop the reference count'.
The commit message is not quite correct:
"After calling device_register(), the correct way to dispose of the
device is to call put_device() as per the device_register()
documentation rather than kfree()."
This reveals that your patch is not completely correct.
> diff --git a/arch/arm/common/locomo.c b/arch/arm/common/locomo.c
> index cb6ef449b987..7274010218ec 100644
> --- a/arch/arm/common/locomo.c
> +++ b/arch/arm/common/locomo.c
> @@ -255,6 +255,7 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info)
>
> ret = device_register(&dev->dev);
> if (ret) {
> + put_device(&dev->dev);
> out:
> kfree(dev);
... and that leads to the second problem here - this kfree() will lead
to a double-free of the device. Once by the reference count dropping to
zero, resulting in locomo_dev_release() being called, and then this
kfree().
Thanks.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
