Re: [PATCH] tpm: tpm_nsc: Fix a double free of pdev in cleanup_nsc
From: Stefan Berger
Date: Fri Aug 05 2011 - 10:21:02 EST
On 08/03/2011 07:58 PM, Axel Lin wrote:
platform_device_unregister() will release all resources
and remove it from the subsystem, then drop reference count by
calling platform_device_put().
I also changed code into that direction in the recent patch to the
tpm_nsc driver. I didn't know whether that memory had to be freed or
not. Looking at several other drivers I found that none was freeing it
but calling platform_device_put() (which is also called by
platform_device_unregiser()) with the memory previously allocated via
platform_device_alloc(). Though platform_device_put() calls put_device()
http://lxr.linux.no/#linux+v3.0/drivers/base/platform.c#L138
which in turn calls kobject_put().
http://lxr.linux.no/#linux+v3.0/drivers/base/core.c#L1066
It was not clear to me whether the pdev memory would actually get freed
by kobject_put() -- but since other drivers were not freeing it
explicitly I wasn't sure. So either many drivers have a memory leak or
tpm_nsc was previously right about freeing it...
Stefan
We should not call kfree(pdev) after platform_device_unregister(pdev).
Signed-off-by: Axel Lin<axel.lin@xxxxxxxxx>
---
drivers/char/tpm/tpm_nsc.c | 2 --
1 files changed, 0 insertions(+), 2 deletions(-)
diff --git a/drivers/char/tpm/tpm_nsc.c b/drivers/char/tpm/tpm_nsc.c
index 82facc9..4d24648 100644
--- a/drivers/char/tpm/tpm_nsc.c
+++ b/drivers/char/tpm/tpm_nsc.c
@@ -396,8 +396,6 @@ static void __exit cleanup_nsc(void)
if (pdev) {
tpm_nsc_remove(&pdev->dev);
platform_device_unregister(pdev);
- kfree(pdev);
- pdev = NULL;
}
platform_driver_unregister(&nsc_drv);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/