[PATCH linux dev-5.1] fsi: core: Fix NULL dereference issue
Jeremy Kerr
jk at ozlabs.org
Thu Jun 27 16:38:25 AEST 2019
Hi Lei,
> > It looks like this will leak memory (through the struct fsi_slave) that
> > has been kzalloc()ed. After device_register, we need to call
> > put_device() to free the struct fsi_slave, but there's no mechanism for
> > that to happen if we remove it from fsi_slave_init().
>
> The memory is "leaked" in this function, that the slave device is not freed
> here. But eventually, it will be freed in fsi_slave_release() (if I understand
> the code correctly), so there is no leak, eventually.
But there's no way for fsi_slave_release() to be called, as the device
isn't registered with the core (d1dcd67825 effectively removed the
device_add from the slave device init).
I think that the BUG_ON that we're hitting in the release path is
through the cdev parent release, which brings the refcount down to 0,
then we do another put_device().
This could just be a matter of correcting the registration of the slave
to the device core - I'll take a look here.
Cheers,
Jeremy