Re: mwifiex: don't do unbalanced free()'ing in cleanup_if()

From: Kalle Valo
Date: Fri Nov 18 2016 - 06:25:32 EST

Brian Norris <briannorris@xxxxxxxxxxxx> wrote:
> The cleanup_if() callback is the inverse of init_if(). We allocate our
> 'card' interface structure in the probe() function, but we free it in
> cleanup_if(). That gives a few problems:
> (a) we leak this memory if probe() fails before we reach init_if()
> (b) we can't safely utilize 'card' after cleanup_if() -- namely, in
> remove() or suspend(), both of which might race with the cleanup
> paths in our asynchronous FW initialization path
> Solution: just use devm_kzalloc(), which will free this structure
> properly when the device is removed -- and drop the set_drvdata(...,
> NULL), since the driver core does this for us. This also removes the
> temptation to use drvdata == NULL as a hack for checking if the device
> has been "cleaned up."
> I *do* leave the set_drvdata(..., NULL) for the hacky SDIO
> mwifiex_recreate_adapter(), since the device core won't be able to clear
> that one for us.
> Signed-off-by: Brian Norris <briannorris@xxxxxxxxxxxx>

Patch applied to wireless-drivers-next.git, thanks.

66b9c182538e mwifiex: don't do unbalanced free()'ing in cleanup_if()


Documentation about submitting wireless patches and checking status
from patchwork: