From: David Matlack Date: Tue, 6 May 2014 04:02:31 +0000 (-0700) Subject: staging: slicoss: fix use-after-free in slic_entry_probe X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=65bc0aaa9c2aa691e313a92250463008fb63266d;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git staging: slicoss: fix use-after-free in slic_entry_probe This patch fixes a use-after-free bug that can cause a kernel oops. If slic_card_init fails then slic_entry_probe (the pci probe() function for this device) will return error without cleaning up memory. Signed-off-by: David Matlack Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/slicoss/slicoss.c b/drivers/staging/slicoss/slicoss.c index f350e6028ed2..0b0a7b4e20e4 100644 --- a/drivers/staging/slicoss/slicoss.c +++ b/drivers/staging/slicoss/slicoss.c @@ -3594,7 +3594,6 @@ static int slic_entry_probe(struct pci_dev *pcidev, struct net_device *netdev; struct adapter *adapter; void __iomem *memmapped_ioaddr = NULL; - u32 status = 0; ulong mmio_start = 0; ulong mmio_len = 0; struct sliccard *card = NULL; @@ -3685,16 +3684,11 @@ static int slic_entry_probe(struct pci_dev *pcidev, adapter->allocated = 1; } - status = slic_card_init(card, adapter); + err = slic_card_init(card, adapter); + if (err) + goto err_out_unmap; - if (status != 0) { - card->state = CARD_FAIL; - adapter->state = ADAPT_FAIL; - adapter->linkstate = LINK_DOWN; - dev_err(&pcidev->dev, "FAILED status[%x]\n", status); - } else { - slic_adapter_set_hwaddr(adapter); - } + slic_adapter_set_hwaddr(adapter); netdev->base_addr = (unsigned long)adapter->memorybase; netdev->irq = adapter->irq; @@ -3711,7 +3705,7 @@ static int slic_entry_probe(struct pci_dev *pcidev, cards_found++; - return status; + return 0; err_out_unmap: iounmap(memmapped_ioaddr);