1. Patchew
  2. linux
  3. View series

[PATCH next] PM / devfreq: Fix double free in devfreq_event_add_edev()

Dan Carpenter posted 1 patch 3 weeks, 2 days ago 
drivers/devfreq/devfreq-event.c | 1 -
1 file changed, 1 deletion(-)
[PATCH next] PM / devfreq: Fix double free in devfreq_event_add_edev()
Posted by Dan Carpenter 3 weeks, 2 days ago 
The put_device() function calls devfreq_event_release_edev() which frees
"evdev".  Calling kfree() again is a double free.

Fixes: 430a1845c804 ("PM / devfreq: Fix memory leak in devfreq_event_add_edev()")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 drivers/devfreq/devfreq-event.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/devfreq/devfreq-event.c b/drivers/devfreq/devfreq-event.c
index 34406c52b845..70219099c604 100644
--- a/drivers/devfreq/devfreq-event.c
+++ b/drivers/devfreq/devfreq-event.c
@@ -328,7 +328,6 @@ struct devfreq_event_dev *devfreq_event_add_edev(struct device *dev,
 	ret = device_register(&edev->dev);
 	if (ret < 0) {
 		put_device(&edev->dev);
-		kfree(edev);
 		return ERR_PTR(ret);
 	}
 	dev_set_drvdata(&edev->dev, edev);
-- 
2.47.2
Re: [PATCH next] PM / devfreq: Fix double free in devfreq_event_add_edev()
Posted by Chanwoo Choi 3 weeks, 2 days ago 
25. 9. 9. 19:29에 Dan Carpenter 이(가) 쓴 글:
> The put_device() function calls devfreq_event_release_edev() which frees
> "evdev".  Calling kfree() again is a double free.
> 
> Fixes: 430a1845c804 ("PM / devfreq: Fix memory leak in devfreq_event_add_edev()")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
>  drivers/devfreq/devfreq-event.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/devfreq/devfreq-event.c b/drivers/devfreq/devfreq-event.c
> index 34406c52b845..70219099c604 100644
> --- a/drivers/devfreq/devfreq-event.c
> +++ b/drivers/devfreq/devfreq-event.c
> @@ -328,7 +328,6 @@ struct devfreq_event_dev *devfreq_event_add_edev(struct device *dev,
>  	ret = device_register(&edev->dev);
>  	if (ret < 0) {
>  		put_device(&edev->dev);
> -		kfree(edev);
>  		return ERR_PTR(ret);
>  	}
>  	dev_set_drvdata(&edev->dev, edev);

Firstly, I'm sorry that it my wrong review of patch[1].
[1] https://patchwork.kernel.org/project/linux-pm/patch/20250907113302.3353584-1-kaushlendra.kumar@intel.com/

As you mentioned, the above patch[1] doesn't be necessary.

Instead of applying your patch, I'll drop the patch[1].
I'm sorry to make the confusion.

-- 
Best Regards,
Samsung Electronics
Chanwoo Choi
RE: [PATCH next] PM / devfreq: Fix double free in devfreq_event_add_edev()
Posted by Kumar, Kaushlendra 3 weeks, 2 days ago 
Hi Dan,

On [Date], Dan Carpenter <dan.carpenter@linaro.org> wrote:
> The put_device() function calls devfreq_event_release_edev() which frees "evdev".  Calling kfree() again is a double free.
> 
> Fixes: 430a1845c804 ("PM / devfreq: Fix memory leak in devfreq_event_add_edev()")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
>  drivers/devfreq/devfreq-event.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/devfreq/devfreq-event.c b/drivers/devfreq/devfreq-event.c index 34406c52b845..70219099c604 100644
> --- a/drivers/devfreq/devfreq-event.c
> +++ b/drivers/devfreq/devfreq-event.c
> @@ -328,7 +328,6 @@ struct devfreq_event_dev *devfreq_event_add_edev(struct device *dev,
> 	ret = device_register(&edev->dev);
> 	if (ret < 0) {
> 		put_device(&edev->dev);
> -		kfree(edev);
> 		return ERR_PTR(ret);
> 	}
> 	dev_set_drvdata(&edev->dev, edev);

Thank you for catching this double-free issue! You're absolutely right - 
the release function handles the memory cleanup, making the explicit kfree() 
incorrect.

Reviewed-by: Kaushlendra Kumar <kaushlendra.kumar@intel.com>

Best regards,
Kaushlendra Kumar

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.