[PATCH linux dev-5.1] fsi: core: Fix NULL dereference issue

Jeremy Kerr jk at ozlabs.org
Thu Jun 27 16:38:25 AEST 2019


Hi Lei,

> > 
> > It looks like this will leak memory (through the struct fsi_slave)
> > that has been kzalloc()ed. After device_register, we need to call
> > put_device() to free the struct fsi_slave, but there's no mechanism
> > for that to happen if we remove it from fsi_slave_init().
> 
> The memory is "leaked" in this function, that the slave device is not
> freed here. But eventually, it will be freed in fsi_slave_release() (if
> I understand the code correctly), so there is no leak, eventually.

But there's no way for fsi_slave_release() to be called, as the device
isn't registered with the core (d1dcd67825 effectively removed the
device_add from the slave device init).

I think that the BUG_ON that we're hitting in the release path is
through the cdev parent release, which brings the refcount down to 0,
then we do another put_device().

This could just be a matter of correcting the registration of the slave
to the device core - I'll take a look here.

Cheers,


Jeremy
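
The refcount accounting Jeremy describes (the creator owns the initial reference from device_initialize(), each child such as a cdev takes its own reference on the parent, and one put_device() too many on a device whose count already reached zero is what the release-path BUG_ON catches) can be seen in a small userspace model. The block below is an added example for this thread, not code from the fsi driver or from the kernel: the device_model struct and the *_model functions are hypothetical stand-ins for struct device, device_initialize(), get_device(), put_device() and the release callback, and they only track state instead of kfree()ing anything.

```c
/* Added example: userspace model of struct device refcounting.
 * Not the fsi driver's or the kernel's code; every *_model name is a
 * hypothetical stand-in for the corresponding kernel primitive. */
#include <stdio.h>

struct device_model {
    int refcount;   /* kref-style count: 1 after device_initialize() */
    int released;   /* set once the release callback has run */
    int releases;   /* how many times release ran (must end up 0 or 1) */
};

/* Stand-in for device_initialize(): the creator owns the first reference. */
static void device_initialize_model(struct device_model *d)
{
    d->refcount = 1;
    d->released = 0;
    d->releases = 0;
}

/* Stand-in for get_device(): a child (e.g. a cdev) pins its parent. */
static void get_device_model(struct device_model *d)
{
    if (d->released)
        fprintf(stderr, "get on an already released device\n");
    d->refcount++;
}

/* Stand-in for put_device(). Returns 1 if this put ran the release
 * callback, 0 if references remain, and -1 for a put against a device
 * that was already released, i.e. the underflow the kernel's refcount
 * checks and the release-path BUG_ON complain about. */
static int put_device_model(struct device_model *d)
{
    if (d->released) {
        d->refcount--;          /* count goes negative: a real UAF */
        return -1;
    }
    if (--d->refcount == 0) {
        d->released = 1;
        d->releases++;          /* real code would kfree() the container */
        return 1;
    }
    return 0;
}

/* Balanced ownership: the child drops the reference it took, and the
 * creator drops the initial reference exactly once. Returns 0 on success. */
static int balanced_lifetime(void)
{
    struct device_model parent;

    device_initialize_model(&parent);
    get_device_model(&parent);              /* child holds the parent */
    if (put_device_model(&parent) != 0)     /* child teardown: 2 -> 1 */
        return -1;
    if (put_device_model(&parent) != 1)     /* creator's put: 1 -> 0 */
        return -1;
    return parent.releases == 1 ? 0 : -1;
}

/* The failure mode under discussion: the last holder releases the
 * device, then a second put_device() runs against it. Returns 1 if
 * the model detected the double put, 0 otherwise. */
static int double_put_lifetime(void)
{
    struct device_model dev;
    int first, second;

    device_initialize_model(&dev);
    first = put_device_model(&dev);         /* 1 -> 0, release runs */
    second = put_device_model(&dev);        /* underflow, flagged as -1 */
    return (first == 1 && second == -1) ? 1 : 0;
}

int main(void)
{
    printf("balanced lifetime ok: %s\n",
           balanced_lifetime() == 0 ? "yes" : "no");
    printf("double put detected: %s\n",
           double_put_lifetime() == 1 ? "yes" : "no");
    return 0;
}
```

The rule the model encodes is the one the thread is circling: whoever holds a reference is the only party allowed to drop it, and a device that was never registered still carries the creator's initial reference, which must be dropped exactly once and not once per path that happens to see it.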