[PATCH v3] rpmsg: Avoid double-free in mtk_rpmsg_register_device

From: Nicolas Boichat
Date: Wed Sep 02 2020 - 20:06:18 EST

Next message: Xie He: "[PATCH net v2] drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices"
Previous message: Randy Dunlap: "Re: [PATCH v2] mm/doc: editorial pass on page migration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If rpmsg_register_device fails, it will call
mtk_rpmsg_release_device which already frees mdev.

Fixes: 7017996951fd ("rpmsg: add rpmsg support for mt8183 SCP.")
Signed-off-by: Nicolas Boichat <drinkcat@xxxxxxxxxxxx>
Reviewed-by: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>
---

Changes in v3:
- 12-char Fixes tag (Mathieu Poirier)

Changes in v2:
- Drop useless if and ret variable (Markus Elfring)

drivers/rpmsg/mtk_rpmsg.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/drivers/rpmsg/mtk_rpmsg.c b/drivers/rpmsg/mtk_rpmsg.c
index 83f2b8804ee9..96a17ec29140 100644
--- a/drivers/rpmsg/mtk_rpmsg.c
+++ b/drivers/rpmsg/mtk_rpmsg.c
@@ -200,7 +200,6 @@ static int mtk_rpmsg_register_device(struct mtk_rpmsg_rproc_subdev *mtk_subdev,
struct rpmsg_device *rpdev;
struct mtk_rpmsg_device *mdev;
struct platform_device *pdev = mtk_subdev->pdev;
- int ret;

mdev = kzalloc(sizeof(*mdev), GFP_KERNEL);
if (!mdev)
@@ -219,13 +218,7 @@ static int mtk_rpmsg_register_device(struct mtk_rpmsg_rproc_subdev *mtk_subdev,
rpdev->dev.parent = &pdev->dev;
rpdev->dev.release = mtk_rpmsg_release_device;

- ret = rpmsg_register_device(rpdev);
- if (ret) {
- kfree(mdev);
- return ret;
- }
-
- return 0;
+ return rpmsg_register_device(rpdev);
}

static void mtk_register_device_work_function(struct work_struct *register_work)
--
2.28.0.402.g5ffc5be6b7-goog

Next message: Xie He: "[PATCH net v2] drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices"
Previous message: Randy Dunlap: "Re: [PATCH v2] mm/doc: editorial pass on page migration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]