[PATCH 3.17 03/47] drivers/input/evdev.c: dont kfree() a vmalloc address

From: Greg Kroah-Hartman
Date: Sun Dec 14 2014 - 15:43:57 EST

3.17-stable review patch. If anyone has any objections, please let me know.


From: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>

commit 92788ac1eb06e69a822de45e2a8a63fa45eb5be2 upstream.

If kzalloc() failed and then evdev_open_device() fails, evdev_open()
will pass a vmalloc'ed pointer to kfree.

This might fix https://bugzilla.kernel.org/show_bug.cgi?id=88401, where
there was a crash in kfree().

Reported-by: Christian Casteyde <casteyde.christian@xxxxxxx>
Belatedly-Acked-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
Cc: Henrik Rydberg <rydberg@xxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

drivers/input/evdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/input/evdev.c
+++ b/drivers/input/evdev.c
@@ -421,7 +421,7 @@ static int evdev_open(struct inode *inod

evdev_detach_client(evdev, client);
- kfree(client);
+ kvfree(client);
return error;

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/