Hi!
From: Qiushi Wu wu000273@umn.edu
[ Upstream commit fe3c60684377d5ad9b0569b87ed3e26e12c8173b ]
kobject_init_and_add() takes reference even when it fails. If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Callback function fw_cfg_sysfs_release_entry() in kobject_put() can handle the pointer "entry" properly.
Okay, but... does that mean err_add_raw: should be using kobject_put(), too (w/o the kfree)? It is strange to have different error handling for different error paths.
Best regards, Pavel
+++ b/drivers/firmware/qemu_fw_cfg.c @@ -605,8 +605,10 @@ static int fw_cfg_register_file(const struct fw_cfg_file *f) /* register entry under "/sys/firmware/qemu_fw_cfg/by_key/" */ err = kobject_init_and_add(&entry->kobj, &fw_cfg_sysfs_entry_ktype, fw_cfg_sel_ko, "%d", entry->select);
- if (err)
goto err_register;
- if (err) {
kobject_put(&entry->kobj);return err;- }
/* add raw binary content access */ err = sysfs_create_bin_file(&entry->kobj, &fw_cfg_sysfs_attr_raw); @@ -622,7 +624,6 @@ static int fw_cfg_register_file(const struct fw_cfg_file *f) err_add_raw: kobject_del(&entry->kobj); -err_register: kfree(entry); return err; }