From: greg@kroah.com (Greg KH)
To: kernelnewbies@lists.kernelnewbies.org
Subject: should failed calls to device_register() always call put_device()?
Date: Sun, 29 May 2011 05:57:36 +0800 [thread overview]
Message-ID: <20110528215736.GE19246@kroah.com> (raw)
In-Reply-To: <BANLkTimSfBQ1JO9+TbdApgFXfqTM=a55nQ@mail.gmail.com>
On Sat, May 28, 2011 at 06:00:10PM +0200, Belisko Marek wrote:
> Hi Robert,
>
> On Sat, May 28, 2011 at 5:15 PM, Robert P. J. Day <rpjday@crashcourse.ca> wrote:
> >
> > ?from drivers/base/core.c, we have the fairly unambiguous advice:
> >
> > * NOTE: _Never_ directly free @dev after calling this function, even
> > * if it returned an error! Always use put_device() to give up the
> > * reference initialized in this function instead.
> > */
> > int device_register(struct device *dev)
> > {
> > ? ? ? ?device_initialize(dev);
> > ? ? ? ?return device_add(dev);
> > }
> >
> > ?and yet, there appears to be driver code that does exactly that,
> > such as this snippet from drivers/w1/w1_int.c (line 86):
> >
> > ? ? ? ?... snip ...
> > ? ? ? ?err = device_register(&dev->dev);
> > ? ? ? ?if (err) {
> > ? ? ? ? ? ? ? ?printk(KERN_ERR "Failed to register master device. err=%d\n", err);
> > ? ? ? ? ? ? ? ?memset(dev, 0, sizeof(struct w1_master));
> > ? ? ? ? ? ? ? ?kfree(dev);
> > ? ? ? ? ? ? ? ?dev = NULL;
> > ? ? ? ?}
> Free is for allocated dev not for struct device so it is OK. IMO thi
> snippet should look like:
> err = device_register(&dev->dev);
> if (err) {
> printk(KERN_ERR "Failed to register master device. err=%d\n", err);
> put_device(&dev->dev);
Yes, that is correct.
> memset(dev, 0, sizeof(struct w1_master));
> kfree(dev);
> dev = NULL;
Nope, you just accessed memory that was already freed twice, so you
could have oopsed any one of those times.
After the last put_device() happens, you CAN NOT touch the device again,
as it could be gone (might, might not, you don't really know, all you
know is you said you were done with it so you can't access it again.)
Hope this helps,
greg k-h
prev parent reply other threads:[~2011-05-28 21:57 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-28 15:15 should failed calls to device_register() always call put_device()? Robert P. J. Day
2011-05-28 16:00 ` Belisko Marek
2011-05-28 16:29 ` Robert P. J. Day
2011-05-28 18:56 ` Belisko Marek
2011-05-28 19:43 ` Robert P. J. Day
2011-05-28 20:22 ` Belisko Marek
2011-05-28 22:01 ` Greg KH
2011-05-29 11:21 ` Robert P. J. Day
2011-05-29 11:49 ` Greg KH
2011-05-29 12:49 ` Robert P. J. Day
2011-05-28 21:57 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110528215736.GE19246@kroah.com \
--to=greg@kroah.com \
--cc=kernelnewbies@lists.kernelnewbies.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).