Message ID | 2ce68694-87a7-4c06-b8a4-9870c891b580@moroto.mountain (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Bjorn Helgaas |
Headers | show |
Series | PCI: endpoint: Fix double free in __pci_epc_create() | expand |
On Wed, Oct 25, 2023 at 02:57:23PM +0300, Dan Carpenter wrote: > The pci_epc_release() function frees "epc" so the kfree() on the next > line is a double free. > > Fixes: 7711cbb4862a ("PCI: endpoint: Fix WARN() when an endpoint driver is removed") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> - Mani > --- > drivers/pci/endpoint/pci-epc-core.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c > index fe421d46a8a4..56e1184bc6c2 100644 > --- a/drivers/pci/endpoint/pci-epc-core.c > +++ b/drivers/pci/endpoint/pci-epc-core.c > @@ -869,7 +869,6 @@ __pci_epc_create(struct device *dev, const struct pci_epc_ops *ops, > > put_dev: > put_device(&epc->dev); > - kfree(epc); > > err_ret: > return ERR_PTR(ret); > -- > 2.42.0 >
On Wed, Oct 25, 2023 at 02:57:23PM +0300, Dan Carpenter wrote: > The pci_epc_release() function frees "epc" so the kfree() on the next > line is a double free. > > Fixes: 7711cbb4862a ("PCI: endpoint: Fix WARN() when an endpoint driver is removed") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Applied with Manivannan's reviewed-by to pci/misc for v6.7, thanks! > --- > drivers/pci/endpoint/pci-epc-core.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c > index fe421d46a8a4..56e1184bc6c2 100644 > --- a/drivers/pci/endpoint/pci-epc-core.c > +++ b/drivers/pci/endpoint/pci-epc-core.c > @@ -869,7 +869,6 @@ __pci_epc_create(struct device *dev, const struct pci_epc_ops *ops, > > put_dev: > put_device(&epc->dev); > - kfree(epc); > > err_ret: > return ERR_PTR(ret); > -- > 2.42.0 >
diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c index fe421d46a8a4..56e1184bc6c2 100644 --- a/drivers/pci/endpoint/pci-epc-core.c +++ b/drivers/pci/endpoint/pci-epc-core.c @@ -869,7 +869,6 @@ __pci_epc_create(struct device *dev, const struct pci_epc_ops *ops, put_dev: put_device(&epc->dev); - kfree(epc); err_ret: return ERR_PTR(ret);
The pci_epc_release() function frees "epc" so the kfree() on the next line is a double free. Fixes: 7711cbb4862a ("PCI: endpoint: Fix WARN() when an endpoint driver is removed") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> --- drivers/pci/endpoint/pci-epc-core.c | 1 - 1 file changed, 1 deletion(-)