From: Greg KH <gregkh@suse.de>
To: Rajan Aggarwal <rajan.aggarwal85@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] Free fw_priv in fw_create_instance
Date: Tue, 30 Aug 2011 14:26:00 -0700 [thread overview]
Message-ID: <20110830212600.GA10417@suse.de> (raw)
In-Reply-To: <CALN+fr1Nke3kgEpJbb8fbzAd=dB_KhKP71rZRpm7TjOmkE5Jwg@mail.gmail.com>
On Wed, Aug 31, 2011 at 01:16:24AM +0530, Rajan Aggarwal wrote:
> Hi,
>
>
> On Wed, Aug 31, 2011 at 12:49 AM, Greg KH <gregkh@suse.de> wrote:
> > On Wed, Aug 31, 2011 at 12:36:32AM +0530, Rajan Aggarwal wrote:
> >> fw_priv is not being freed in some of the error scenarios in
> >> fw_create_instance.
> >
> > Not true.
> >
> >> This patch makes sure that this is kfreed properly in all error
> >> situations in the fw_create_instance logic where it is required.
> >
> > Nope, this will cause a double-free to happen.
>
> >From what you say, the only suspicious line seems to be the following
> assignment:
> f_dev = &fw_priv->dev;
> However, I cannot make out how this can be freed by device_del or
> put_device as I don't see the logic anywhere where f_dev is
> decremented to get the address of fw_priv.
Look at the release function for the f_dev that was set up when the
class pointer was assigned to it. That function takes a pointer to a
"base" struct device, and back casts it to the fw_priv structure, and
then frees it.
That is how the driver core, and the kobject, and the kref model works.
When the last reference to the object is released, the release
function is called, freeing up the memory of the object.
Take a look at the Documentation/kobject.txt file for details as to how
this all works if you are still curious.
Hope this helps,
greg k-h
prev parent reply other threads:[~2011-08-30 21:28 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-30 19:06 [PATCH 1/1] Free fw_priv in fw_create_instance Rajan Aggarwal
2011-08-30 19:19 ` Greg KH
2011-08-30 19:46 ` Rajan Aggarwal
2011-08-30 21:26 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110830212600.GA10417@suse.de \
--to=gregkh@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=rajan.aggarwal85@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox