* [iio:wip] drivers/staging/iio/iio_input.c:189 iio_input_probe() error: don't call input_free_device(
@ 2012-09-15 14:35 Fengguang Wu
2012-09-17 10:57 ` [iio:wip] drivers/staging/iio/iio_input.c:189 iio_input_probe() error: don't call input_free_dev Dan Carpenter
0 siblings, 1 reply; 2+ messages in thread
From: Fengguang Wu @ 2012-09-15 14:35 UTC (permalink / raw)
To: kernel-janitors
Hi Jonathan,
There is a smatch warning in tree
git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio.git wip
+ drivers/staging/iio/iio_input.c:189 iio_input_probe() error: don't call input_free_device() after input_unregister_device()
vim +189 drivers/staging/iio/iio_input.c
186 error_unregister_input:
187 input_unregister_device(st->idev);
188 error_free_idev:
> 189 input_free_device(st->idev);
190 error_channels_release_all:
191 iio_channel_release_all_cb(st->buff);
192 error_free_state:
193 kfree(st);
194 return ret;
195 }
---
0-DAY kernel build testing backend Open Source Technology Centre
Fengguang Wu, Yuanhan Liu Intel Corporation
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [iio:wip] drivers/staging/iio/iio_input.c:189 iio_input_probe() error: don't call input_free_dev
2012-09-15 14:35 [iio:wip] drivers/staging/iio/iio_input.c:189 iio_input_probe() error: don't call input_free_device( Fengguang Wu
@ 2012-09-17 10:57 ` Dan Carpenter
0 siblings, 0 replies; 2+ messages in thread
From: Dan Carpenter @ 2012-09-17 10:57 UTC (permalink / raw)
To: kernel-janitors
On Sat, Sep 15, 2012 at 10:35:47PM +0800, Fengguang Wu wrote:
> Hi Jonathan,
>
> There is a smatch warning in tree
>
> git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio.git wip
>
> + drivers/staging/iio/iio_input.c:189 iio_input_probe() error: don't call input_free_device() after input_unregister_device()
>
> vim +189 drivers/staging/iio/iio_input.c
>
> 186 error_unregister_input:
> 187 input_unregister_device(st->idev);
> 188 error_free_idev:
> > 189 input_free_device(st->idev);
In this case, it's obvious that we do reference "st->idev" after
calling input_unregister_device() so this is a bug. Normally way
people write this is to make input_register_device() the last call
in the probe() function which can fail. In this case, it's a bit
awkward to do that it looks like.
Anyway, it's a double free bug because
input_register/unregister_device() is ref counted.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-09-17 10:57 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-09-15 14:35 [iio:wip] drivers/staging/iio/iio_input.c:189 iio_input_probe() error: don't call input_free_device( Fengguang Wu
2012-09-17 10:57 ` [iio:wip] drivers/staging/iio/iio_input.c:189 iio_input_probe() error: don't call input_free_dev Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).