projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a323449)
mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
authorQinglang Miao <miaoqinglang@huawei.com>
Fri, 20 Nov 2020 07:48:47 +0000 (15:48 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 29 Dec 2020 12:46:56 +0000 (13:46 +0100)
[ Upstream commit f0e82242b16826077a2775eacfe201d803bb7a22 ]

kfree(dev) has been called inside put_device so anther
kfree would cause a use-after-free bug/

Fixes: 8286ae03308c ("MIPS: Add CDMM bus support")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
Acked-by: Serge Semin <fancer.lancer@gmail.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/bus/mips_cdmm.c patch | blob | blame | history

diff --git a/drivers/bus/mips_cdmm.c b/drivers/bus/mips_cdmm.c
index 1b14256376d240f094a3c57651661743a8576009..7c1da45be166e1530e3990237a852042aefcf2c7 100644 (file)
--- a/drivers/bus/mips_cdmm.c
+++ b/drivers/bus/mips_cdmm.c
@@ -544,10 +544,8 @@ static void mips_cdmm_bus_discover(struct mips_cdmm_bus *bus)
                dev_set_name(&dev->dev, "cdmm%u-%u", cpu, id);
                ++id;
                ret = device_register(&dev->dev);
-               if (ret) {
+               if (ret)
                        put_device(&dev->dev);
-                       kfree(dev);
-               }
        }
 }