diff mbox series

PCI: endpoint: Fix double free in __pci_epc_create()

Message ID 2ce68694-87a7-4c06-b8a4-9870c891b580@moroto.mountain (mailing list archive)
State Accepted
Delegated to: Bjorn Helgaas
Headers show
Series PCI: endpoint: Fix double free in __pci_epc_create() | expand

Commit Message

Dan Carpenter Oct. 25, 2023, 11:57 a.m. UTC
The pci_epc_release() function frees "epc" so the kfree() on the next
line is a double free.

Fixes: 7711cbb4862a ("PCI: endpoint: Fix WARN() when an endpoint driver is removed")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 drivers/pci/endpoint/pci-epc-core.c | 1 -
 1 file changed, 1 deletion(-)

Comments

Manivannan Sadhasivam Oct. 25, 2023, 5:05 p.m. UTC | #1
On Wed, Oct 25, 2023 at 02:57:23PM +0300, Dan Carpenter wrote:
> The pci_epc_release() function frees "epc" so the kfree() on the next
> line is a double free.
> 
> Fixes: 7711cbb4862a ("PCI: endpoint: Fix WARN() when an endpoint driver is removed")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>

Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>

- Mani

> ---
>  drivers/pci/endpoint/pci-epc-core.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c
> index fe421d46a8a4..56e1184bc6c2 100644
> --- a/drivers/pci/endpoint/pci-epc-core.c
> +++ b/drivers/pci/endpoint/pci-epc-core.c
> @@ -869,7 +869,6 @@ __pci_epc_create(struct device *dev, const struct pci_epc_ops *ops,
>  
>  put_dev:
>  	put_device(&epc->dev);
> -	kfree(epc);
>  
>  err_ret:
>  	return ERR_PTR(ret);
> -- 
> 2.42.0
>
Bjorn Helgaas Oct. 26, 2023, 4:13 p.m. UTC | #2
On Wed, Oct 25, 2023 at 02:57:23PM +0300, Dan Carpenter wrote:
> The pci_epc_release() function frees "epc" so the kfree() on the next
> line is a double free.
> 
> Fixes: 7711cbb4862a ("PCI: endpoint: Fix WARN() when an endpoint driver is removed")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>

Applied with Manivannan's reviewed-by to pci/misc for v6.7, thanks!

> ---
>  drivers/pci/endpoint/pci-epc-core.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c
> index fe421d46a8a4..56e1184bc6c2 100644
> --- a/drivers/pci/endpoint/pci-epc-core.c
> +++ b/drivers/pci/endpoint/pci-epc-core.c
> @@ -869,7 +869,6 @@ __pci_epc_create(struct device *dev, const struct pci_epc_ops *ops,
>  
>  put_dev:
>  	put_device(&epc->dev);
> -	kfree(epc);
>  
>  err_ret:
>  	return ERR_PTR(ret);
> -- 
> 2.42.0
>
diff mbox series

Patch

diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c
index fe421d46a8a4..56e1184bc6c2 100644
--- a/drivers/pci/endpoint/pci-epc-core.c
+++ b/drivers/pci/endpoint/pci-epc-core.c
@@ -869,7 +869,6 @@  __pci_epc_create(struct device *dev, const struct pci_epc_ops *ops,
 
 put_dev:
 	put_device(&epc->dev);
-	kfree(epc);
 
 err_ret:
 	return ERR_PTR(ret);