Re: [PATCH] rpmsg: Avoid double-free in mtk_rpmsg_register_device()

[Nicolas Boichat]

On Wed, Sep 2, 2020 at 5:33 PM Markus Elfring <Markus.Elfring@xxxxxx> wrote:
>
> > If rpmsg_register_device fails, it will call
> > mtk_rpmsg_release_device which already frees mdev.
>
> Can another imperative wording become helpful for the change description?
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=9c7d619be5a002ea29c172df5e3c1227c22cbb41#n151

Looking at your posting history, I'll leave it up to the maintainer.

> …
> > +++ b/drivers/rpmsg/mtk_rpmsg.c
> > @@ -220,10 +220,8 @@  static int mtk_rpmsg_register_device(struct mtk_rpmsg_rproc_subdev *mtk_subdev,
> >       rpdev->dev.release = mtk_rpmsg_release_device;
> >
> >       ret = rpmsg_register_device(rpdev);
> > -     if (ret) {
> > -             kfree(mdev);
> > +     if (ret)
> >               return ret;
> > -     }
> >
> >       return 0;
> >  }
>
>
> * How do you think about to use the following code variant instead?
>
>         return rpmsg_register_device(rpdev);
>
> * Would you like to omit the variable “ret” for this function implementation?

That's a good suggestion, I'll update and send a v2.

>
> Regards,
> Markus