On Fri, 9 Mar 2018 16:20:49 +0530 Arvind Yadav <[email protected]> wrote:
> if device_register() returned an error! Always use put_device() > to give up the reference initialized. > > Signed-off-by: Arvind Yadav <[email protected]> > --- > drivers/mtd/ubi/vmt.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c > index 3fd8d7f..db85b68 100644 > --- a/drivers/mtd/ubi/vmt.c > +++ b/drivers/mtd/ubi/vmt.c > @@ -609,6 +609,7 @@ int ubi_add_volume(struct ubi_device *ubi, struct > ubi_volume *vol) > return err; > > out_cdev: > + put_device(&vol->dev); > cdev_del(&vol->cdev); use-after-free bug here: put_device() has freed the vol obj, and you're dereferencing the pointer just after that. > return err; > } -- Boris Brezillon, Bootlin (formerly Free Electrons) Embedded Linux and Kernel engineering https://bootlin.com
