diff mbox series

[2/2] pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()

Message ID 20221112092924.3608240-2-yangyingliang@huawei.com
State New
Headers
Series [1/2] pcmcia: ds: fix refcount leak in pcmcia_device_add() |

Commit Message

Yang Yingliang Nov. 12, 2022, 9:29 a.m. UTC 
  Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
it need bee freed.

As comment of device_register() says, it should use put_device() to
give up the reference in the error path, some resources is going to
freed in pcmcia_release_dev(), so don't use error label, just return
NULL after calling put_device().

Before device_initialize(), it can not call put_device(), so move the
dev_set_name() before device_register().

Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 drivers/pcmcia/ds.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/drivers/pcmcia/ds.c b/drivers/pcmcia/ds.c
index 7d3258a1f8f8..a249d9a0457b 100644
--- a/drivers/pcmcia/ds.c
+++ b/drivers/pcmcia/ds.c
@@ -513,9 +513,6 @@  static struct pcmcia_device *pcmcia_device_add(struct pcmcia_socket *s,
 	/* by default don't allow DMA */
 	p_dev->dma_mask = 0;
 	p_dev->dev.dma_mask = &p_dev->dma_mask;
-	dev_set_name(&p_dev->dev, "%d.%d", p_dev->socket->sock, p_dev->device_no);
-	if (!dev_name(&p_dev->dev))
-		goto err_free;
 	p_dev->devname = kasprintf(GFP_KERNEL, "pcmcia%s", dev_name(&p_dev->dev));
 	if (!p_dev->devname)
 		goto err_free;
@@ -573,8 +570,17 @@  static struct pcmcia_device *pcmcia_device_add(struct pcmcia_socket *s,
 
 	pcmcia_device_query(p_dev);
 
-	if (device_register(&p_dev->dev))
+	dev_set_name(&p_dev->dev, "%d.%d", p_dev->socket->sock, p_dev->device_no);
+	if (!dev_name(&p_dev->dev))
 		goto err_put_ref;
+	if (device_register(&p_dev->dev)) {
+		mutex_lock(&s->ops_mutex);
+		list_del(&p_dev->socket_device_list);
+		s->device_count--;
+		mutex_unlock(&s->ops_mutex);
+		put_device(&p_dev->dev);
+		return NULL;
+	}
 
 	return p_dev;