On Thu, Jan 12, 2017 at 07:46:08PM +0200, Jarkko Sakkinen wrote:
> struct tpm_chip {
> - struct device dev;
> - struct cdev cdev;
> + struct device dev, devrm;
Hum.. devrm adds a new kref but doesn't do anything with the release
function, so that is going to use after free, ie here:
> put_device(&chip->dev);
>+ put_device(&chip->devrm);
> return ERR_PTR(rc);
And other places.
One solution is to get_device(chip->dev) after
device_initialize(dev->rm) and add a devrm->dev.release function to
do put_device(chip->dev)
Jason
