From: Lars-Peter Clausen <lars@metafoo.de>
To: Jonathan Cameron <jic23@kernel.org>
Cc: linux-iio@vger.kernel.org, Lars-Peter Clausen <lars@metafoo.de>
Subject: [PATCH 1/2] iio: iio_alloc_device(): Free device correctly on error
Date: Sun, 31 Oct 2021 08:32:30 +0100 [thread overview]
Message-ID: <20211031073231.13780-1-lars@metafoo.de> (raw)
Once device_initialize() has been called on a struct device the device must
be freed by decreasing the reference count rather than directly freeing the
underlying memory.
This is so that any additional state and resources associated with the
device get properly freed.
In this particular case there are no additional resources associated with
the device and no additional reference count. So there is no resource leak
or use-after-free by freeing the struct device directly
But in order to follow best practices and avoid accidental future breakage
use put_device() instead of kfree() to free the device when an error
occurs.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
---
No fixes tag since, while the code is wrong, it works. No leaks and no
use-after-free.
drivers/iio/industrialio-core.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
index 463a63d5bf56..669218365277 100644
--- a/drivers/iio/industrialio-core.c
+++ b/drivers/iio/industrialio-core.c
@@ -1615,7 +1615,8 @@ static void iio_dev_release(struct device *device)
iio_device_detach_buffers(indio_dev);
- ida_simple_remove(&iio_ida, iio_dev_opaque->id);
+ if (iio_dev_opaque->id >= 0)
+ ida_simple_remove(&iio_ida, iio_dev_opaque->id);
kfree(iio_dev_opaque);
}
@@ -1662,20 +1663,20 @@ struct iio_dev *iio_device_alloc(struct device *parent, int sizeof_priv)
if (iio_dev_opaque->id < 0) {
/* cannot use a dev_err as the name isn't available */
pr_err("failed to get device id\n");
- kfree(iio_dev_opaque);
- return NULL;
+ goto err_put_device;
}
- if (dev_set_name(&indio_dev->dev, "iio:device%d", iio_dev_opaque->id)) {
- ida_simple_remove(&iio_ida, iio_dev_opaque->id);
- kfree(iio_dev_opaque);
- return NULL;
- }
+ if (dev_set_name(&indio_dev->dev, "iio:device%d", iio_dev_opaque->id))
+ goto err_put_device;
INIT_LIST_HEAD(&iio_dev_opaque->buffer_list);
INIT_LIST_HEAD(&iio_dev_opaque->ioctl_handlers);
return indio_dev;
+
+err_put_device:
+ put_device(&indio_dev->dev);
+ return NULL;
}
EXPORT_SYMBOL(iio_device_alloc);
--
2.20.1
next reply other threads:[~2021-10-31 7:33 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-31 7:32 Lars-Peter Clausen [this message]
2021-10-31 7:32 ` [PATCH 2/2] iio: viio_trigger_alloc(): Correctly free trigger on error Lars-Peter Clausen
[not found] ` <CAHp75VfT-VgMODDdZCy8ERh1Uw8HVR6YuzmTukeP+nHbrx++sg@mail.gmail.com>
2021-10-31 9:15 ` Lars-Peter Clausen
2021-10-31 13:00 ` Andy Shevchenko
2021-12-05 19:10 ` Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211031073231.13780-1-lars@metafoo.de \
--to=lars@metafoo.de \
--cc=jic23@kernel.org \
--cc=linux-iio@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox