Received: by 10.213.65.68 with SMTP id h4csp1192894imn;
        Wed, 14 Mar 2018 12:25:04 -0700 (PDT)
X-Google-Smtp-Source: AG47ELuUQgaTWBhtC6Ln4L31Do5OKltDEi46wQFbvA+FhFqOZeD85BPEN7NL1kt9FGITWhvA21GS
X-Received: by 10.101.88.4 with SMTP id g4mr3272932pgr.146.1521055504060;
        Wed, 14 Mar 2018 12:25:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521055504; cv=none;
        d=google.com; s=arc-20160816;
        b=TG9vWMimhQTPOXTaG3A8BSE3/B4qZBIPddKZlsrozslX1q/per+AvdGqRAeKHk4CvE
         PtSzP6Q6b5i8cBXqxkcPE4OVprcTqWtI8tXcg7m5i/J4Ch95l4wChLcbTMpySillXb93
         u/khguVB4qWxUNb/wtkdPP+g5ejqfqTS+04ivZR0QgKKhXhLmtL/NZ9tUk/vdiZP0/1E
         bJigQd3hoFd+xZi9R0v0mX26GxeYFqABaWlsybpJf9k9WiK7jLOw64Upp3SCSDBti2Aa
         YTXQvBobaEeWa50wrmY+PpeI+80epAKUanlA40RcQohpiBxx5WNO3DlOWzXgARv7pUHM
         K67A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=zw1S/sHpalzEV/ZmKWtI24cNjjHmkjr/F5Ykfq7CS0I=;
        b=EauvNDe9ZVtdLonSgQXs6xvIjTCzJqdfrusfeRMZrOlf4xKkStNVE3nX5H7mWoOPk+
         LWUoi7AK51Aavd6sL/tj7PcZ45UM9wKrvYVvLrhk47hGHlDLuLFh79MgtFuBY/4r5G7b
         GH3p150gDjjmi75c7WUJtFkhUHy1XEQE1UDFixwmMU46zlpHTjFbQMYuMJIeJrprLQDE
         XXnDtMXbZwH5LspwCDOPTsT9tjYgBrGxIEy3qOo1nLewmuQTUepwOR0yIZPiHmpOR5bG
         /0cHNsEeOlPgF7Sku8m/gHKd9lVrWpAOuWokUSdgTkrLotHQGVVSaErh8UrGI22EQmaj
         WlsA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y22si2468967pfm.357.2018.03.14.12.24.48;
        Wed, 14 Mar 2018 12:25:04 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751588AbeCNTXy convert rfc822-to-8bit (ORCPT
        <rfc822;uzarths@gmail.com> + 99 others);
        Wed, 14 Mar 2018 15:23:54 -0400
Received: from lilium.sigma-star.at ([109.75.188.150]:38028 "EHLO
        lilium.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751426AbeCNTXx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Mar 2018 15:23:53 -0400
Received: from localhost (localhost [127.0.0.1])
        by lilium.sigma-star.at (Postfix) with ESMTP id 083F9181878B6;
        Wed, 14 Mar 2018 20:23:52 +0100 (CET)
From:   Richard Weinberger <richard@nod.at>
To:     Boris Brezillon <boris.brezillon@bootlin.com>
Cc:     Arvind Yadav <arvind.yadav.cs@gmail.com>, dwmw2@infradead.org,
        computersforpeace@gmail.com, boris.brezillon@free-electrons.com,
        marek.vasut@gmail.com, cyrille.pitchen@wedev4u.fr,
        dedekind1@gmail.com, linux-mtd@lists.infradead.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] mtd: ubi: use put_device() if device_register fail
Date:   Wed, 14 Mar 2018 20:25:25 +0100
Message-ID: <3619597.KITkZyk1Wv@blindfold>
In-Reply-To: <20180314195652.59b21594@bbrezillon>
References: <cover.1520592440.git.arvind.yadav.cs@gmail.com> <5d9b08afdad2fbc65bac48d8ae22f4925bb80512.1520592440.git.arvind.yadav.cs@gmail.com> <20180314195652.59b21594@bbrezillon>
MIME-Version: 1.0
Content-Transfer-Encoding: 8BIT
Content-Type: text/plain; charset="iso-8859-1"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Am Mittwoch, 14. M?rz 2018, 19:56:52 CET schrieb Boris Brezillon:
> On Fri,  9 Mar 2018 16:20:49 +0530
> 
> Arvind Yadav <arvind.yadav.cs@gmail.com> wrote:
> > if device_register() returned an error! Always use put_device()
> > to give up the reference initialized.
> > 
> > Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
> > ---
> > 
> >  drivers/mtd/ubi/vmt.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c
> > index 3fd8d7f..db85b68 100644
> > --- a/drivers/mtd/ubi/vmt.c
> > +++ b/drivers/mtd/ubi/vmt.c
> > @@ -609,6 +609,7 @@ int ubi_add_volume(struct ubi_device *ubi, struct
> > ubi_volume *vol)> 
> >  	return err;
> >  
> >  out_cdev:
> > +	put_device(&vol->dev);
> > 
> >  	cdev_del(&vol->cdev);
> 
> use-after-free bug here: put_device() has freed the vol obj, and you're
> dereferencing the pointer just after that.

eeek, thanks for looking at more context.
Arvind, while you are right that put_device() is missing, please double check 
that freeing the devices is also correct.

Thanks,
//richard