Re: [PATCH] net: mdio: Fix a double free issue in the .remove function

[Christophe JAILLET]

Le 12/05/2021 à 23:44, Andrew Lunn a écrit :
> On Wed, May 12, 2021 at 11:35:38PM +0200, Christophe JAILLET wrote:
> > 'bus->mii_bus' have been allocated with 'devm_mdiobus_alloc_size()' in the
> > probe function. So it must not be freed explicitly or there will be a
> > double free.
>
> Hi Christophe
>
> [PATCH] net: mdio: Fix a double free issue in the .remove function
>
> Please indicate in the subject which mdio bus driver has a double
> free.

Ok, will do.
But looking at [1], it was not not self-explanatory that it was the rule 
here :)

> Also, octeon_mdiobus_remove() appears to have the same problem.

In fact, even a little worse. It also calls 'mdiobus_free()' in the 
error handling path of the probe (which is why my coccinelle script 
didn't spot it. It looks for discrepancy between error handling path in 
the probe and the remove function. If both are wrong, it looks safe :) )

I'll send another patch for this driver.

CJ

>        Andrew

[1]: 
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/log/drivers/net/mdio