From eb8d3c604fe7496323efb9a858bef84c489ca584 Mon Sep 17 00:00:00 2001 From: Benjamin Herrenschmidt Date: Wed, 10 Jun 2009 12:43:02 -0700 Subject: devres: WARN() and return, don't crash on device_del() of uninitialized device I just debugged an obscure crash caused by a device_del() of a all NULL'd out struct device (in usb-serial) and found that a patch like this one would have saved me time (in addition to improved chances of a bug report from users hitting similar driver bugs). [akpm@linux-foundation.org: cleanup] Signed-off-by: Benjamin Herrenschmidt Cc: Kay Sievers Cc: Tejun Heo Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman --- drivers/base/devres.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'drivers/base') diff --git a/drivers/base/devres.c b/drivers/base/devres.c index e8beb8e5b626..05dd307e8f02 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -428,6 +428,9 @@ int devres_release_all(struct device *dev) { unsigned long flags; + /* Looks like an uninitialized device structure */ + if (WARN_ON(dev->devres_head.next == NULL)) + return -ENODEV; spin_lock_irqsave(&dev->devres_lock, flags); return release_nodes(dev, dev->devres_head.next, &dev->devres_head, flags); -- cgit v1.2.3 From 308975fa7ab2a8e0b91186158128668c823790ce Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Sun, 21 Jun 2009 23:57:31 +0200 Subject: Firmware: firmware_class, fix lock imbalance Add omitted unlock in firmware_data_read. Signed-off-by: Jiri Slaby Signed-off-by: Greg Kroah-Hartman --- drivers/base/firmware_class.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'drivers/base') diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c index fc466531260e..f285f441fab9 100644 --- a/drivers/base/firmware_class.c +++ b/drivers/base/firmware_class.c @@ -217,8 +217,10 @@ firmware_data_read(struct kobject *kobj, struct bin_attribute *bin_attr, ret_count = -ENODEV; goto out; } - if (offset > fw->size) - return 0; + if (offset > fw->size) { + ret_count = 0; + goto out; + } if (count > fw->size - offset) count = fw->size - offset; -- cgit v1.2.3 From 3b4418c67a70278964b063b5e1f56dcb3d0a41f3 Mon Sep 17 00:00:00 2001 From: Ming Lei Date: Sat, 11 Jul 2009 11:11:10 +0800 Subject: driver core: firmware_class:fix memory leak of page pointers array The page pointers array is allocated in fw_realloc_buffer() called by firmware_data_write(), and should be freed in release function of firmware device. Signed-off-by: Ming Lei Reported-by: Catalin Marinas Acked-by: David Woodhouse Signed-off-by: Greg Kroah-Hartman --- drivers/base/firmware_class.c | 1 - 1 file changed, 1 deletion(-) (limited to 'drivers/base') diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c index f285f441fab9..7376367bcb80 100644 --- a/drivers/base/firmware_class.c +++ b/drivers/base/firmware_class.c @@ -180,7 +180,6 @@ static ssize_t firmware_loading_store(struct device *dev, goto err; } /* Pages will be freed by vfree() */ - fw_priv->pages = NULL; fw_priv->page_array_size = 0; fw_priv->nr_pages = 0; complete(&fw_priv->completion); -- cgit v1.2.3 From 79f0313bfc67aa13abb931e8c12a1411f0161a68 Mon Sep 17 00:00:00 2001 From: Xiaotian Feng Date: Fri, 24 Jul 2009 17:31:41 +0800 Subject: driver core: sysdev: do not send KOBJ_ADD uevent if kobject_init_and_add fails If kobject_init_and_add fails, sysdev_register should not send KOBJ_ADD uevent to userspace. Signed-off-by: Xiaotian Feng Signed-off-by: Greg Kroah-Hartman --- drivers/base/sys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/base') diff --git a/drivers/base/sys.c b/drivers/base/sys.c index 79a9ae5238ac..0d903909af7e 100644 --- a/drivers/base/sys.c +++ b/drivers/base/sys.c @@ -275,9 +275,9 @@ int sysdev_register(struct sys_device *sysdev) drv->add(sysdev); } mutex_unlock(&sysdev_drivers_lock); + kobject_uevent(&sysdev->kobj, KOBJ_ADD); } - kobject_uevent(&sysdev->kobj, KOBJ_ADD); return error; } -- cgit v1.2.3