irq allocated with devm_request_irq() will be freed in devm_irq_release(),
using free_irq() in ->remove() will causes a dangling pointer, and a
subsequent double free. So remove the free_irq() in svc_i3c_master_remove().
Reported-by: Hulk Robot <[email protected]>
Signed-off-by: Yang Yingliang <[email protected]>
---
v2:
removing free_irq() instead of using devm_free_irq()
---
drivers/i3c/master/svc-i3c-master.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c
index 1f6ba4221817..eeb49b5d90ef 100644
--- a/drivers/i3c/master/svc-i3c-master.c
+++ b/drivers/i3c/master/svc-i3c-master.c
@@ -1448,7 +1448,6 @@ static int svc_i3c_master_remove(struct platform_device *pdev)
if (ret)
return ret;
- free_irq(master->irq, master);
clk_disable_unprepare(master->pclk);
clk_disable_unprepare(master->fclk);
clk_disable_unprepare(master->sclk);
--
2.25.1
Hello,
Yang Yingliang <[email protected]> wrote on Wed, 2 Jun 2021
16:49:35 +0800:
> irq allocated with devm_request_irq() will be freed in devm_irq_release(),
> using free_irq() in ->remove() will causes a dangling pointer, and a
> subsequent double free. So remove the free_irq() in svc_i3c_master_remove().
>
> Reported-by: Hulk Robot <[email protected]>
> Signed-off-by: Yang Yingliang <[email protected]>
Reviewed-by: Miquel Raynal <[email protected]>
Thanks,
Miquèl
On Wed, 2 Jun 2021 16:49:35 +0800, Yang Yingliang wrote:
> irq allocated with devm_request_irq() will be freed in devm_irq_release(),
> using free_irq() in ->remove() will causes a dangling pointer, and a
> subsequent double free. So remove the free_irq() in svc_i3c_master_remove().
Applied, thanks!
[1/1] i3c: master: svc: drop free_irq of devm_request_irq allocated irq
commit: 59a61e69c4252b4e8ecd15e752b0d2337f0121b7
Best regards,
--
Alexandre Belloni <[email protected]>