when device_register() fails, we should call ida_free().
Fixes: 9a44c1cc6388 ("net: Add a WWAN subsystem")
Signed-off-by: Bo Liu <[email protected]>
---
Changes from v1:
-Add a Fixes tag pointing to the commit
drivers/net/wwan/wwan_core.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wwan/wwan_core.c b/drivers/net/wwan/wwan_core.c
index b8c7843730ed..0f653e320b2b 100644
--- a/drivers/net/wwan/wwan_core.c
+++ b/drivers/net/wwan/wwan_core.c
@@ -228,8 +228,7 @@ static struct wwan_device *wwan_create_dev(struct device *parent)
wwandev = kzalloc(sizeof(*wwandev), GFP_KERNEL);
if (!wwandev) {
wwandev = ERR_PTR(-ENOMEM);
- ida_free(&wwan_dev_ids, id);
- goto done_unlock;
+ goto error_free_ida;
}
wwandev->dev.parent = parent;
@@ -242,7 +241,7 @@ static struct wwan_device *wwan_create_dev(struct device *parent)
if (err) {
put_device(&wwandev->dev);
wwandev = ERR_PTR(err);
- goto done_unlock;
+ goto error_free_ida;
}
#ifdef CONFIG_WWAN_DEBUGFS
@@ -251,6 +250,8 @@ static struct wwan_device *wwan_create_dev(struct device *parent)
wwan_debugfs_dir);
#endif
+error_free_ida:
+ ida_free(&wwan_dev_ids, id);
done_unlock:
mutex_unlock(&wwan_register_lock);
@@ -448,8 +449,7 @@ struct wwan_port *wwan_create_port(struct device *parent,
port = kzalloc(sizeof(*port), GFP_KERNEL);
if (!port) {
err = -ENOMEM;
- ida_free(&minors, minor);
- goto error_wwandev_remove;
+ goto error_free_ida;
}
port->type = type;
@@ -484,6 +484,8 @@ struct wwan_port *wwan_create_port(struct device *parent,
error_put_device:
put_device(&port->dev);
+error_free_ida:
+ ida_free(&minors, minor);
error_wwandev_remove:
wwan_remove_dev(wwandev);
--
2.27.0
Hello Bo,
generally the patch looks good to me, but it needs improvement in the
wwan_create_dev() part. Sorry that I missed this part in the previous
review. See details below.
On Mon, Jul 11, 2022 at 3:54 AM Bo Liu <[email protected]> wrote:
>
> when device_register() fails, we should call ida_free().
>
> Fixes: 9a44c1cc6388 ("net: Add a WWAN subsystem")
> Signed-off-by: Bo Liu <[email protected]>
> ---
> Changes from v1:
> -Add a Fixes tag pointing to the commit
>
> drivers/net/wwan/wwan_core.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/net/wwan/wwan_core.c b/drivers/net/wwan/wwan_core.c
> index b8c7843730ed..0f653e320b2b 100644
> --- a/drivers/net/wwan/wwan_core.c
> +++ b/drivers/net/wwan/wwan_core.c
> @@ -228,8 +228,7 @@ static struct wwan_device *wwan_create_dev(struct device *parent)
> wwandev = kzalloc(sizeof(*wwandev), GFP_KERNEL);
> if (!wwandev) {
> wwandev = ERR_PTR(-ENOMEM);
> - ida_free(&wwan_dev_ids, id);
> - goto done_unlock;
> + goto error_free_ida;
> }
>
> wwandev->dev.parent = parent;
> @@ -242,7 +241,7 @@ static struct wwan_device *wwan_create_dev(struct device *parent)
> if (err) {
> put_device(&wwandev->dev);
> wwandev = ERR_PTR(err);
> - goto done_unlock;
> + goto error_free_ida;
> }
>
> #ifdef CONFIG_WWAN_DEBUGFS
> @@ -251,6 +250,8 @@ static struct wwan_device *wwan_create_dev(struct device *parent)
> wwan_debugfs_dir);
> #endif
>
> +error_free_ida:
> + ida_free(&wwan_dev_ids, id);
> done_unlock:
> mutex_unlock(&wwan_register_lock);
>
This hunk misses the case of a successful device registration. After
patching, the code will look like this:
err = device_register(&wwandev->dev);
if (err) {
put_device(&wwandev->dev);
wwandev = ERR_PTR(err);
goto error_free_ida;
}
wwandev->debugfs_dir =
debugfs_create_dir(kobject_name(&wwandev->dev.kobj),
wwan_debugfs_dir);
error_free_ida:
ida_free(&wwan_dev_ids, id);
done_unlock:
mutex_unlock(&wwan_register_lock);
As you can see, even if the device will be registered successfully,
the allocated id will be unconditionally freed.
The easiest way to fix this is to add "goto done_unlock" right after
the debugfs directory creation call. So the hunk should become
something like this:
@@ -249,8 +248,12 @@ static struct wwan_device *wwan_create_dev(struct
device *parent)
wwandev->debugfs_dir =
debugfs_create_dir(kobject_name(&wwandev->dev.kobj),
wwan_debugfs_dir);
#endif
+ goto done_unlock;
+
+error_free_ida:
+ ida_free(&wwan_dev_ids, id);
done_unlock:
mutex_unlock(&wwan_register_lock);
--
Sergey