Object out is not released on path that no VMA instance found. The root
cause is jumping to an unexpected label on the error path.
Fixes: a47e788c2310 ("drm/i915/selftests: Exercise CS TLB invalidation")
Signed-off-by: Pan Bian
---
drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 2
The dst entry should be released if no neighbour is found. Goto label
free_dst to fix the issue. Besides, the check of ndev against NULL is
redundant.
Signed-off-by: Pan Bian
---
.../net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c| 7 +++
1 file changed, 3 insertions(+), 4 deletions
Goto to the label put_dev instead of the label error to fix potential
resource leak on path that the target index is invalid.
Fixes: c4fbb6515a4d ("NFC: The core part should generate the target index")
Signed-off-by: Pan Bian
---
net/nfc/rawsock.c | 2 +-
1 file changed, 1 inser
Put the device to avoid resource leak on path that the polling flag is
invalid.
Fixes: a831b9132065 ("NFC: Do not return EBUSY when stopping a poll that's
already stopped")
Signed-off-by: Pan Bian
---
net/nfc/netlink.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/nfc/netli
Put parent device node parent_np if there is no enough memory.
Fixes: aed6f3cadc86 ("reset: berlin: convert to a platform driver")
Signed-off-by: Pan Bian
---
drivers/reset/reset-berlin.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/reset/reset-
t;bus: qcom: add EBI2 driver")
Signed-off-by: Pan Bian
---
drivers/bus/qcom-ebi2.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/bus/qcom-ebi2.c b/drivers/bus/qcom-ebi2.c
index 03ddcf426887..0b8f53a688b8 100644
--- a/drivers/bus/qcom-ebi2.c
+++ b/drivers/bus/q
Call hci_dev_put() to decrement reference count of HCI device hdev if
fails to duplicate memory.
Fixes: 0b26ab9dce74 ("Bluetooth: AMP: Handle Accept phylink command status evt")
Signed-off-by: Pan Bian
---
net/bluetooth/a2mp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net
The allocated page is not released if error occurs in
nvm_submit_io_sync_raw(). __free_page() is moved ealier to avoid
possible memory leak issue.
Fixes: aff3fb18f957 ("lightnvm: move bad block and chunk state logic to core")
Signed-off-by: Pan Bian
---
drivers/lightnvm/core.c | 3 +
Put the device node dn before return error code on failure path.
Fixes: 461cd1b03e32 ("net: dsa: bcm_sf2: Register our slave MDIO bus")
Signed-off-by: Pan Bian
---
drivers/net/dsa/bcm_sf2.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/dsa/b
be dropped manually.
Fixes: 5a7c81547c1d ("memory: ti-aemif: introduce AEMIF driver")
Signed-off-by: Pan Bian
---
drivers/memory/ti-aemif.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/memory/ti-aemif.c b/drivers/memory/ti-aemif.c
index 15
Put the child node np when it fails to get or register device.
Signed-off-by: Pan Bian
---
drivers/mtd/spi-nor/controllers/hisi-sfc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/spi-nor/controllers/hisi-sfc.c
b/drivers/mtd/spi-nor/controllers/hisi-sfc.c
Instead of directly return, goto the error handling label to free
allocated page.
Fixes: 5f29458b77d5 ("net/mlx5e: Support dump callback in TX reporter")
Signed-off-by: Pan Bian
---
drivers/net/ethernet/mellanox/mlx5/core/en/health.c | 2 +-
1 file changed, 1 insertion(+), 1 deletio
Jump to the label done to decrement the reference count of HCI device
hdev on path that the Inquiry procedure is interrupted.
Fixes: 3e13fa1e1fab ("Bluetooth: Fix hci_inquiry ioctl usage")
Signed-off-by: Pan Bian
---
net/bluetooth/hci_core.c | 6 --
1 file changed, 4 insert
Call of_node_put() to drop references of regulators_np and reg_np before
returning error code.
Fixes: 9ae5cc75ceaa ("regulator: s5m8767: Pass descriptor instead of GPIO
number")
Signed-off-by: Pan Bian
---
drivers/regulator/s5m8767.c | 7 +--
1 file changed, 5 insertions(+), 2
Put file f if inode_storage_ptr() returns NULL.
Fixes: 8ea636848aca ("bpf: Implement bpf_local_storage for inodes")
Acked-by: KP Singh
Signed-off-by: Pan Bian
---
kernel/bpf/bpf_inode_storage.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/
Put tlink before returning error code.
Fixes: 8ceb98437946 ("CIFS: Move rename to ops struct")
Signed-off-by: Pan Bian
---
fs/cifs/inode.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index a83b3a8ffaac..9c31b6178638 10064
Also decrement the reference count of child device on error path.
Fixes: 3e782985cb3c ("net: ethernet: fec: Allow configuration of MDIO bus
speed")
Signed-off-by: Pan Bian
---
drivers/net/ethernet/freescale/fec_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Remove the config data when rate setting fails.
Fixes: 9efc9b2b04c7 ("net: stmmac: Add dwmac-intel-plat for GBE driver")
Signed-off-by: Pan Bian
---
drivers/net/ethernet/stmicro/stmmac/dwmac-intel-plat.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/d
Drop the reference of the child node sen_child before goto out of
the loop.
Signed-off-by: Pan Bian
---
drivers/thermal/sprd_thermal.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/thermal/sprd_thermal.c b/drivers/thermal/sprd_thermal.c
index 3682edb2f466..e843f10167b8 100644
Also drop the reference count of the node on error path.
Fixes: 508f610648b9 ("PCI: xilinx-cpm: Add Versal CPM Root Port driver")
Signed-off-by: Pan Bian
---
drivers/pci/controller/pcie-xilinx-cpm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pci/controller/pcie-xilin
Decrements the reference count of device node and its child node.
Fixes: dfe7a1b058bb ("regulator: AXP20x: Add support for regulators subsystem")
Signed-off-by: Pan Bian
---
drivers/regulator/axp20x-regulator.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git
Put DRM device on initialization failure path rather than directly
return error code.
Fixes: a67d5088ceb8 ("drm/imx: drop explicit drm_mode_config_cleanup")
Signed-off-by: Pan Bian
---
drivers/gpu/drm/imx/imx-drm-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
The reference count of the old buffer head should be decremented on path
that fails to get the new buffer head.
Fixes: 6b4657667ba0 ("fs/affs: add rename exchange")
Signed-off-by: Pan Bian
---
fs/affs/namei.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/af
On the error path, it should goto the error handling label to free
allocated memory rather than directly return.
Fixes: 6328a126896e ("net: systemport: Manage Wake-on-LAN clock")
Signed-off-by: Pan Bian
---
drivers/net/ethernet/broadcom/bcmsysport.c | 6 --
1 file changed, 4
Free the request rq before returning error code.
Fixes: 972248e9111e ("scsi: bsg-lib: handle bidi requests without block layer
help")
Signed-off-by: Pan Bian
---
block/bsg.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/block/bsg.c b/block/bsg.c
index d7
Stop inode updating before returning the error code.
Fixes: aa75f4d3daae ("ext4: main fast-commit commit path")
Signed-off-by: Pan Bian
---
fs/ext4/inode.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index c173c8405856..64
Release the buffer header before returning error code.
Fixes: 2deb1acc653c ("isofs: fix access to unallocated memory when reading
corrupted filesystem")
Signed-off-by: Pan Bian
---
fs/isofs/dir.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/isofs/dir.c b/fs/isofs/d
The reference to iloc.bh has been dropped in ext4_mark_iloc_dirty.
However, the reference is dropped again if error occurs during
ext4_handle_dirty_metadata, which may result in use-after-free bugs.
Fixes: fb265c9cb49e("ext4: add ext4_sb_bread() to disambiguate ENOMEM
cases")
Signed-o
ice. This patch fixes these issues.
Signed-off-by: Pan Bian
---
drivers/hwtracing/stm/core.c | 9 -
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index c7ba8ac..cfb5c4d 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/driv
The memory allocated in the function iio_dummy_evgen_create is not
released if it fails to add the evgen device to device hierarchy. This
may result in a memory leak bug.
Signed-off-by: Pan Bian
---
drivers/iio/dummy/iio_dummy_evgen.c | 5 -
1 file changed, 4 insertions(+), 1 deletion
In the function that creates a CSROW object, the object is not released
when failing to add the device to device hierarchy. This may result in a
memory leak bug.
Signed-off-by: Pan Bian
---
drivers/edac/edac_mc_sysfs.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git
The RMI4 function structure has been released in rmi_register_function
if error occurs. However, it will be released again in the function
rmi_create_function, which may result in a double-free bug.
Signed-off-by: Pan Bian
---
drivers/input/rmi4/rmi_driver.c | 6 +-
1 file changed, 1
Signed-off-by: Pan Bian
---
drivers/fsi/fsi-core.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c
index 2c31563..2bb6625 100644
--- a/drivers/fsi/fsi-core.c
+++ b/drivers/fsi/fsi-core.c
@@ -1056,8 +1056,7 @@ static int fsi_slave_i
There are two issues in the error handling code. First, if ID allocation
fails, the reference count of carrier is decremented, which has
not been incremented yet. Second, if device_add fails, the allocated ID
will not be released. This patches fixes them.
Signed-off-by: Pan Bian
---
drivers/mcb
owever, after put_device, host is used and released
again. Resulting in a use-after-free bug.
Fixes: 1ed21719448("mmc: core: fix error path in mmc_host_alloc")
Signed-off-by: Pan Bian
---
drivers/mmc/core/host.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/mmc/core/host.c b/
aging capabilities")
Signed-off-by: Pan Bian
---
drivers/mtd/ubi/kapi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/ubi/kapi.c b/drivers/mtd/ubi/kapi.c
index e9e9ecb..0b8f0c4 100644
--- a/drivers/mtd/ubi/kapi.c
+++ b/drivers/mtd/ubi/kapi.c
@@ -227,9 +227,9
aging capabilities")
Signed-off-by: Pan Bian
---
drivers/mtd/ubi/kapi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/ubi/kapi.c b/drivers/mtd/ubi/kapi.c
index e9e9ecb..0b8f0c4 100644
--- a/drivers/mtd/ubi/kapi.c
+++ b/drivers/mtd/ubi/kapi.c
@@ -227,9 +227,9
The MTD device reference is dropped via put_mtd_device, however its
field ->index is read and passed to ubi_msg. To fix this, the patch
moves the reference dropping after calling ubi_msg.
Signed-off-by: Pan Bian
---
drivers/mtd/ubi/build.c | 2 +-
1 file changed, 1 insertion(+), 1 delet
The MTD device reference is dropped via put_mtd_device, however its
field ->index is read and passed to ubi_msg. To fix this, the patch
moves the reference dropping after calling ubi_msg.
Signed-off-by: Pan Bian
---
drivers/mtd/ubi/build.c | 2 +-
1 file changed, 1 insertion(+), 1 delet
pci_device->revision is read after dropping pci_device reference via
pci_dev_put, which may result in use-after-free bugs. To fix this, the
patch reads ->revision before dropping reference.
Signed-off-by: Pan Bian
---
drivers/ata/pata_sis.c | 4 +++-
drivers/ata/pata_sl82c105.c | 4 +
pci_device->revision is read after dropping pci_device reference via
pci_dev_put, which may result in use-after-free bugs. To fix this, the
patch reads ->revision before dropping reference.
Signed-off-by: Pan Bian
---
drivers/ata/pata_sis.c | 4 +++-
drivers/ata/pata_sl82c105.c | 4 +
The function sis_find_family drops lpc_bridge reference via pci_dev_put,
however, after that, field lpc_bridge->revision is read. This may result
in a use after free bug. The patch moves the put operation after the
condition check.
Signed-off-by: Pan Bian
---
drivers/ide/sis5513.c | 3 ++-
The function sis_find_family drops lpc_bridge reference via pci_dev_put,
however, after that, field lpc_bridge->revision is read. This may result
in a use after free bug. The patch moves the put operation after the
condition check.
Signed-off-by: Pan Bian
---
drivers/ide/sis5513.c | 3 ++-
The function xfs_alloc_get_freelist calls xfs_perag_put to drop the
reference. However, pag->pagf_btreeblks is read and write after the
put operation. This patch moves the put operation late.
Signed-off-by: Pan Bian
---
V2: correct the commit log
---
fs/xfs/libxfs/xfs_alloc.c | 2 +-
1 f
The function xfs_alloc_get_freelist calls xfs_perag_put to drop the
reference. However, pag->pagf_btreeblks is read and write after the
put operation. This patch moves the put operation late.
Signed-off-by: Pan Bian
---
V2: correct the commit log
---
fs/xfs/libxfs/xfs_alloc.c | 2 +-
1 f
The function frees qf_inode via iput but then pass qf_inode to
lockdep_set_quota_inode on the failure path. This may result in a
use-after-free bug. The patch frees df_inode only when it is never used.
Signed-off-by: Pan Bian
Fixes: daf647d2dd5("ext4: add lockdep annotations for i_dat
The function frees qf_inode via iput but then pass qf_inode to
lockdep_set_quota_inode on the failure path. This may result in a
use-after-free bug. The patch frees df_inode only when it is never used.
Signed-off-by: Pan Bian
Fixes: daf647d2dd5("ext4: add lockdep annotations for i_dat
ing and putting the page.
Signed-off-by: Pan Bian
---
fs/nilfs2/gcinode.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/nilfs2/gcinode.c b/fs/nilfs2/gcinode.c
index aa3c328..a24bb29 100644
--- a/fs/nilfs2/gcinode.c
+++ b/fs/nilfs2/gcinode.c
@@ -73,10 +73,8 @@
ing and putting the page.
Signed-off-by: Pan Bian
---
fs/nilfs2/gcinode.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/nilfs2/gcinode.c b/fs/nilfs2/gcinode.c
index aa3c328..a24bb29 100644
--- a/fs/nilfs2/gcinode.c
+++ b/fs/nilfs2/gcinode.c
@@ -73,10 +73,8 @@
. The patch sets bh1 and bh2 to NULL after their
reference counts are decreased.
Signed-off-by: Pan Bian
---
fs/qnx6/inode.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/qnx6/inode.c b/fs/qnx6/inode.c
index 4aeb26b..e8a8536 100644
--- a/fs/qnx6/inode.c
+++ b/fs/qnx6/inode.c
@@ -405,12
. The patch sets bh1 and bh2 to NULL after their
reference counts are decreased.
Signed-off-by: Pan Bian
---
fs/qnx6/inode.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/qnx6/inode.c b/fs/qnx6/inode.c
index 4aeb26b..e8a8536 100644
--- a/fs/qnx6/inode.c
+++ b/fs/qnx6/inode.c
@@ -405,12
The function autofs_expire_run calls dput(dentry) to drop the reference
count of dentry. However, dentry is read via autofs_dentry_ino(dentry)
after that. This may result in a use-free-bug. The patch drops the
reference count of dentry only when it is never used.
Signed-off-by: Pan Bian
---
fs
The function autofs_expire_run calls dput(dentry) to drop the reference
count of dentry. However, dentry is read via autofs_dentry_ino(dentry)
after that. This may result in a use-free-bug. The patch drops the
reference count of dentry only when it is never used.
Signed-off-by: Pan Bian
---
fs
-off-by: Pan Bian
---
fs/freevxfs/vxfs_bmap.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/freevxfs/vxfs_bmap.c b/fs/freevxfs/vxfs_bmap.c
index 1fd41cf..136e5d1 100644
--- a/fs/freevxfs/vxfs_bmap.c
+++ b/fs/freevxfs/vxfs_bmap.c
@@ -150,6 +150,7 @@ vxfs_bmap_indir(struct inode *ip, long
-off-by: Pan Bian
---
fs/freevxfs/vxfs_bmap.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/freevxfs/vxfs_bmap.c b/fs/freevxfs/vxfs_bmap.c
index 1fd41cf..136e5d1 100644
--- a/fs/freevxfs/vxfs_bmap.c
+++ b/fs/freevxfs/vxfs_bmap.c
@@ -150,6 +150,7 @@ vxfs_bmap_indir(struct inode *ip, long
The function ext2_xattr_set calls brelse(bh) to drop the reference count
of bh. After that, bh may be freed. However, following brelse(bh),
it reads bh->b_data via macro HDR(bh). This may result in a
use-after-free bug. This patch moves brelse(bh) after reading field.
Signed-off-by: Pan B
The function ext2_xattr_set calls brelse(bh) to drop the reference count
of bh. After that, bh may be freed. However, following brelse(bh),
it reads bh->b_data via macro HDR(bh). This may result in a
use-after-free bug. This patch moves brelse(bh) after reading field.
Signed-off-by: Pan B
After calling dput(new_dentry), new_dentry is passed to fsnotify_move.
This may result in a use-after-free bug. This patch moves the put
operation late.
Fixes: da1ce0670c14("vfs: add cross-rename")
Signed-off-by: Pan Bian
---
V2: correct the fixes commit information
---
fs/namei.c
After calling dput(new_dentry), new_dentry is passed to fsnotify_move.
This may result in a use-after-free bug. This patch moves the put
operation late.
Fixes: da1ce0670c14("vfs: add cross-rename")
Signed-off-by: Pan Bian
---
V2: correct the fixes commit information
---
fs/namei.c
The function hfs_bmap_free frees node via hfs_bnode_put(node).
However, it then reads node->this when dumping error message on an error
path, which may result in a use-after-free bug. This patch frees node
only when it is never used.
Signed-off-by: Pan Bian
---
fs/hfsplus/btree.c | 3 ++-
The function hfs_bmap_free frees node via hfs_bnode_put(node).
However, it then reads node->this when dumping error message on an error
path, which may result in a use-after-free bug. This patch frees node
only when it is never used.
Signed-off-by: Pan Bian
---
fs/hfsplus/btree.c | 3 ++-
The function xfs_alloc_get_freelist calls xfs_perag_put to drop the
reference. In this case, pag may be released. However,
pag->pagf_btreeblks is read and write after the put operation. This may
result in a use-after-free bug. This patch moves the put operation late.
Signed-off-by: Pan B
The function xfs_alloc_get_freelist calls xfs_perag_put to drop the
reference. In this case, pag may be released. However,
pag->pagf_btreeblks is read and write after the put operation. This may
result in a use-after-free bug. This patch moves the put operation late.
Signed-off-by: Pan B
After calling dput(new_dentry), new_dentry is passed to fsnotify_move.
This may result in a use-after-free bug. This patch moves the put
operation late.
Fixes: 49d31c2f389a("dentry name snapshots")
Signed-off-by: Pan Bian
---
fs/namei.c | 2 +-
1 file changed, 1 insertion(+),
After calling dput(new_dentry), new_dentry is passed to fsnotify_move.
This may result in a use-after-free bug. This patch moves the put
operation late.
Fixes: 49d31c2f389a("dentry name snapshots")
Signed-off-by: Pan Bian
---
fs/namei.c | 2 +-
1 file changed, 1 insertion(+),
The function hfs_bmap_free frees node via hfs_bnode_put(node). However,
it then reads node->this when dumping error message on an error path,
which may result in a use-after-free bug. This patch frees node only
when it is never used.
Fixes: a1185ffa2fc("HFS rewrite")
Signed-off
The function hfs_bmap_free frees node via hfs_bnode_put(node). However,
it then reads node->this when dumping error message on an error path,
which may result in a use-after-free bug. This patch frees node only
when it is never used.
Fixes: a1185ffa2fc("HFS rewrite")
Signed-off
s to pr_")
Signed-off-by: Pan Bian
---
fs/hfs/btree.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/hfs/btree.c b/fs/hfs/btree.c
index 98b96ff..19017d2 100644
--- a/fs/hfs/btree.c
+++ b/fs/hfs/btree.c
@@ -338,13 +338,14 @@ void hfs_bmap_free(struct hf
s to pr_")
Signed-off-by: Pan Bian
---
fs/hfs/btree.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/hfs/btree.c b/fs/hfs/btree.c
index 98b96ff..19017d2 100644
--- a/fs/hfs/btree.c
+++ b/fs/hfs/btree.c
@@ -338,13 +338,14 @@ void hfs_bmap_free(struct hf
try with its parent obtained before
dropping the reference.
Fixes: a056cc8934c("exportfs: stop retrying once we race with
rename/remove")
Signed-off-by: Pan Bian
---
V2: get rid of the comment
---
fs/exportfs/expfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
try with its parent obtained before
dropping the reference.
Fixes: a056cc8934c("exportfs: stop retrying once we race with
rename/remove")
Signed-off-by: Pan Bian
---
V2: get rid of the comment
---
fs/exportfs/expfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
try with its parent obtained before
dropping the reference.
Fixes: a056cc8934c("exportfs: stop retrying once we race with
rename/remove")
Signed-off-by: Pan Bian
---
fs/exportfs/expfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/exportfs/expfs.c b/fs/exportfs/
try with its parent obtained before
dropping the reference.
Fixes: a056cc8934c("exportfs: stop retrying once we race with
rename/remove")
Signed-off-by: Pan Bian
---
fs/exportfs/expfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/exportfs/expfs.c b/fs/exportfs/
kfree() is incorrectly used to free the memory chunk allocated by
memstick_alloc_host(). Instead, memstick_free_host() should be used.
Fixes: 60fdd931d577("memstick: add support for JMicron jmb38x ...")
Signed-off-by: Pan Bian
---
drivers/memstick/host/jmb38x_ms.c | 2 +-
1 file
kfree() is incorrectly used to free the memory chunk allocated by
memstick_alloc_host(). Instead, memstick_free_host() should be used.
Fixes: 60fdd931d577("memstick: add support for JMicron jmb38x ...")
Signed-off-by: Pan Bian
---
drivers/memstick/host/jmb38x_ms.c | 2 +-
1 file
The memory chunk allocated by hid_allocate_device() should be released
by hid_destroy_device(), not kfree().
Fixes: 0b28cb4bcb1("HID: intel-ish-hid: ISH HID client driver")
Signed-off-by: Pan Bian
---
drivers/hid/intel-ish-hid/ishtp-hid.c | 2 +-
1 file changed, 1 insertion(+),
The memory chunk allocated by hid_allocate_device() should be released
by hid_destroy_device(), not kfree().
Fixes: 0b28cb4bcb1("HID: intel-ish-hid: ISH HID client driver")
Signed-off-by: Pan Bian
---
drivers/hid/intel-ish-hid/ishtp-hid.c | 2 +-
1 file changed, 1 insertion(+),
Commit-ID: 89c5a2d34bda58319e3075e8e7dd727ea25a435c
Gitweb: https://git.kernel.org/tip/89c5a2d34bda58319e3075e8e7dd727ea25a435c
Author: Pan Bian <bianpan2...@163.com>
AuthorDate: Wed, 6 Dec 2017 09:50:09 +
Committer: Ingo Molnar <mi...@kernel.org>
CommitDate: Wed, 6 Dec 2
Commit-ID: 89c5a2d34bda58319e3075e8e7dd727ea25a435c
Gitweb: https://git.kernel.org/tip/89c5a2d34bda58319e3075e8e7dd727ea25a435c
Author: Pan Bian
AuthorDate: Wed, 6 Dec 2017 09:50:09 +
Committer: Ingo Molnar
CommitDate: Wed, 6 Dec 2017 19:32:08 +0100
efi/esrt: Use memunmap
to validate the
return value of platform_get_irq_byname().
Signed-off-by: Pan Bian <bianpan2...@163.com>
---
drivers/iio/adc/cpcap-adc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/adc/cpcap-adc.c b/drivers/iio/adc/cpcap-adc.c
index 6e419d5..f153e026 10064
to validate the
return value of platform_get_irq_byname().
Signed-off-by: Pan Bian
---
drivers/iio/adc/cpcap-adc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/adc/cpcap-adc.c b/drivers/iio/adc/cpcap-adc.c
index 6e419d5..f153e026 100644
--- a/drivers/iio/adc/cpca
lidate the return
value of platform_get_irq_byname().
Signed-off-by: Pan Bian <bianpan2...@163.com>
---
drivers/power/supply/cpcap-charger.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/power/supply/cpcap-charger.c
b/drivers/power/supply/cpcap-charger.c
index 11a0763..e4905
lidate the return
value of platform_get_irq_byname().
Signed-off-by: Pan Bian
---
drivers/power/supply/cpcap-charger.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/power/supply/cpcap-charger.c
b/drivers/power/supply/cpcap-charger.c
index 11a0763..e4905be 100644
--- a/dri
Function devm_gpiod_get_optional() returns an ERR_PTR on failure. Its
return value should not be validated by a NULL check. Instead, use IS_ERR.
Signed-off-by: Pan Bian <bianpan2...@163.com>
---
drivers/net/dsa/lan9303-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
Function devm_gpiod_get_optional() returns an ERR_PTR on failure. Its
return value should not be validated by a NULL check. Instead, use IS_ERR.
Signed-off-by: Pan Bian
---
drivers/net/dsa/lan9303-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/dsa/lan9303
In function advansys_eisa_probe(), data->host[i] holds the return value
of scsi_host_alloc(). The memory allocated by scsi_host_alloc() should
be deallocated with scsi_host_put(), not kfree().
Signed-off-by: Pan Bian <bianpan2...@163.com>
---
drivers/scsi/advansys.c | 4 ++--
1 file c
In function advansys_eisa_probe(), data->host[i] holds the return value
of scsi_host_alloc(). The memory allocated by scsi_host_alloc() should
be deallocated with scsi_host_put(), not kfree().
Signed-off-by: Pan Bian
---
drivers/scsi/advansys.c | 4 ++--
1 file changed, 2 insertions(+)
is unexpected.
Signed-off-by: Pan Bian <bianpan2...@163.com>
---
drivers/net/ethernet/hisilicon/hns/hns_enet.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_enet.c
b/drivers/net/ethernet/hisilicon/hns/hns_enet.c
index 3652063..e
is unexpected.
Signed-off-by: Pan Bian
---
drivers/net/ethernet/hisilicon/hns/hns_enet.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_enet.c
b/drivers/net/ethernet/hisilicon/hns/hns_enet.c
index 3652063..e771926 100644
--- a/drivers
In function advansys_eisa_probe(), data->host[i] holds the return value
of scsi_host_alloc(). The memory allocated by scsi_host_alloc() should
be deallocated with scsi_host_put(), not kfree().
Signed-off-by: Pan Bian <bianpan2...@163.com>
---
drivers/scsi/advansys.c | 4 ++--
1 file c
In function advansys_eisa_probe(), data->host[i] holds the return value
of scsi_host_alloc(). The memory allocated by scsi_host_alloc() should
be deallocated with scsi_host_put(), not kfree().
Signed-off-by: Pan Bian
---
drivers/scsi/advansys.c | 4 ++--
1 file changed, 2 insertions(+)
The remapping result of memremap should be freed with memunmap, not
kfree.
Signed-off-by: Pan Bian <bianpan2...@163.com>
---
drivers/firmware/efi/esrt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/esrt.c b/drivers/firmware/efi/esrt.c
index b
The remapping result of memremap should be freed with memunmap, not
kfree.
Signed-off-by: Pan Bian
---
drivers/firmware/efi/esrt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/esrt.c b/drivers/firmware/efi/esrt.c
index bd7ed3c..3ef7001 100644
is unexpected.
Signed-off-by: Pan Bian <bianpan2...@163.com>
---
drivers/net/ethernet/hisilicon/hns/hns_enet.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_enet.c
b/drivers/net/ethernet/hisilicon/hns/hns_enet.c
index 3652063..e
is unexpected.
Signed-off-by: Pan Bian
---
drivers/net/ethernet/hisilicon/hns/hns_enet.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_enet.c
b/drivers/net/ethernet/hisilicon/hns/hns_enet.c
index 3652063..e771926 100644
--- a/drivers
The function netdev_priv() returns the private data of the device. The
memory to store the private data is allocated in alloc_netdev() and is
released in netdev_free(). Calling kfree() on the return value of
netdev_priv() after netdev_free() results in a double free bug.
Signed-off-by: Pan Bian
The function netdev_priv() returns the private data of the device. The
memory to store the private data is allocated in alloc_netdev() and is
released in netdev_free(). Calling kfree() on the return value of
netdev_priv() after netdev_free() results in a double free bug.
Signed-off-by: Pan Bian
Memory allocated by kmem_cache_alloc() should not be deallocated with
kfree(). Use kmem_cache_free() instead.
Signed-off-by: Pan Bian <bianpan2...@163.com>
---
drivers/mtd/ubi/fastmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/ubi/fastmap.c b/drive
Memory allocated by kmem_cache_alloc() should not be deallocated with
kfree(). Use kmem_cache_free() instead.
Signed-off-by: Pan Bian
---
drivers/mtd/ubi/fastmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/ubi/fastmap.c b/drivers/mtd/ubi/fastmap.c
index
The function kunmap_atomatic() is called on the same variable twice,
i.e. pt->v. In the second call, its parameter should be variable v
rather than pt->v.
Signed-off-by: Pan Bian <bianpan2...@163.com>
---
drivers/gpu/drm/gma500/mmu.c | 2 +-
1 file changed, 1 insertion(+), 1 delet
1 - 100 of 375 matches
Mail list logo
