Message ID | 20220418081632.35121-1-hbh25y@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | hwtracing: stm: fix possible double free in stm_register_device() | expand |
Ping On 2022/4/18 16:16, Hangyu Hua wrote: > put_device() will call stm_device_release() to free stm when > stm_register_device() fails. So there is no need to call vfree() again. > > Fix this by adding a return after put_device(). > > Fixes: 7bd1d4093c2f ("stm class: Introduce an abstraction for System Trace Module devices") > Signed-off-by: Hangyu Hua <hbh25y@gmail.com> > --- > drivers/hwtracing/stm/core.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c > index 2712e699ba08..403b4f41bb1b 100644 > --- a/drivers/hwtracing/stm/core.c > +++ b/drivers/hwtracing/stm/core.c > @@ -915,6 +915,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data, > > /* matches device_initialize() above */ > put_device(&stm->dev); > + return err; > err_free: > vfree(stm); >
Gentel ping. On 2022/5/5 09:29, Hangyu Hua wrote: > Ping > > On 2022/4/18 16:16, Hangyu Hua wrote: >> put_device() will call stm_device_release() to free stm when >> stm_register_device() fails. So there is no need to call vfree() again. >> >> Fix this by adding a return after put_device(). >> >> Fixes: 7bd1d4093c2f ("stm class: Introduce an abstraction for System >> Trace Module devices") >> Signed-off-by: Hangyu Hua <hbh25y@gmail.com> >> --- >> drivers/hwtracing/stm/core.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c >> index 2712e699ba08..403b4f41bb1b 100644 >> --- a/drivers/hwtracing/stm/core.c >> +++ b/drivers/hwtracing/stm/core.c >> @@ -915,6 +915,7 @@ int stm_register_device(struct device *parent, >> struct stm_data *stm_data, >> /* matches device_initialize() above */ >> put_device(&stm->dev); >> + return err; >> err_free: >> vfree(stm);
On 2022/5/23 09:55, Hangyu Hua wrote: > Gentel ping. > > On 2022/5/5 09:29, Hangyu Hua wrote: >> Ping >> >> On 2022/4/18 16:16, Hangyu Hua wrote: >>> put_device() will call stm_device_release() to free stm when >>> stm_register_device() fails. So there is no need to call vfree() again. >>> >>> Fix this by adding a return after put_device(). >>> >>> Fixes: 7bd1d4093c2f ("stm class: Introduce an abstraction for System >>> Trace Module devices") >>> Signed-off-by: Hangyu Hua <hbh25y@gmail.com> >>> --- >>> drivers/hwtracing/stm/core.c | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c >>> index 2712e699ba08..403b4f41bb1b 100644 >>> --- a/drivers/hwtracing/stm/core.c >>> +++ b/drivers/hwtracing/stm/core.c >>> @@ -915,6 +915,7 @@ int stm_register_device(struct device *parent, >>> struct stm_data *stm_data, >>> /* matches device_initialize() above */ >>> put_device(&stm->dev); >>> + return err; >>> err_free: >>> vfree(stm); Gentel ping.
diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c index 2712e699ba08..403b4f41bb1b 100644 --- a/drivers/hwtracing/stm/core.c +++ b/drivers/hwtracing/stm/core.c @@ -915,6 +915,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data, /* matches device_initialize() above */ put_device(&stm->dev); + return err; err_free: vfree(stm);
put_device() will call stm_device_release() to free stm when stm_register_device() fails. So there is no need to call vfree() again. Fix this by adding a return after put_device(). Fixes: 7bd1d4093c2f ("stm class: Introduce an abstraction for System Trace Module devices") Signed-off-by: Hangyu Hua <hbh25y@gmail.com> --- drivers/hwtracing/stm/core.c | 1 + 1 file changed, 1 insertion(+)