On Wed, Feb 5, 2020 at 4:38 AM Dan Carpenter <[email protected]> wrote:
>
> Hello Dan Williams,
>
> The patch 4d88a97aa9e8: "libnvdimm, nvdimm: dimm driver and base
> libnvdimm device-driver infrastructure" from May 31, 2015, leads to
> the following static checker warning:
>
> drivers/nvdimm/bus.c:511 nd_async_device_register()
> error: dereferencing freed memory 'dev'
>
> drivers/nvdimm/bus.c
> 502 static void nd_async_device_register(void *d, async_cookie_t cookie)
> 503 {
> 504 struct device *dev = d;
> 505
> 506 if (device_add(dev) != 0) {
> 507 dev_err(dev, "%s: failed\n", __func__);
> 508 put_device(dev);
> ^^^^^^^^^^^^^^^
> 509 }
> 510 put_device(dev);
> ^^^^^^^^^^^^^^
> 511 if (dev->parent)
> 512 put_device(dev->parent);
> 513 }
>
> We call get_device() from __nd_device_register(), I guess. It seems
> buggy to call put device twice on error.
The registration path does:
get_device(dev);
async_schedule_dev_domain(nd_async_device_register, dev,
&nd_async_domain);
...and device_add() does its own get_device(). I could add a comment
to clarify which put_device() is correlated to which put_device(), but
this seems a false positive to me.
_______________________________________________
Linux-nvdimm mailing list -- [email protected]
To unsubscribe send an email to [email protected]
