Re: [PATCH] ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
From: Samuel Iglesias Gonsálvez
Date: Wed May 26 2021 - 06:35:51 EST
Hi Lv,
Thanks for the patch!
Patch is,
Acked-by: Samuel Iglesias Gonsalvez <siglesias@xxxxxxxxxx>
Greg, Would you mind picking this patch series through your char-misc
tree?
Thanks!
Sam
On Mon, 2021-05-24 at 02:32 -0700, Lv Yunlong wrote:
> In the out_err_bus_register error branch of tpci200_pci_probe,
> tpci200->info->cfg_regs is freed by tpci200_uninstall()->
> tpci200_unregister()->pci_iounmap(..,tpci200->info->cfg_regs)
> in the first time.
>
> But later, iounmap() is called to free tpci200->info->cfg_regs
> again.
>
> My patch sets tpci200->info->cfg_regs to NULL after
> tpci200_uninstall()
> to avoid the double free.
>
> Fixes: cea2f7cdff2af ("Staging: ipack/bridges/tpci200: Use the
> TPCI200 in big endian mode")
> Signed-off-by: Lv Yunlong <lyl2019@xxxxxxxxxxxxxxxx>
> ---
> drivers/ipack/carriers/tpci200.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/ipack/carriers/tpci200.c
> b/drivers/ipack/carriers/tpci200.c
> index ec71063fff76..e1822e87ec3d 100644
> --- a/drivers/ipack/carriers/tpci200.c
> +++ b/drivers/ipack/carriers/tpci200.c
> @@ -596,8 +596,11 @@ static int tpci200_pci_probe(struct pci_dev
> *pdev,
>
> out_err_bus_register:
> tpci200_uninstall(tpci200);
> + /* tpci200->info->cfg_regs is unmapped in tpci200_uninstall
> */
> + tpci200->info->cfg_regs = NULL;
> out_err_install:
> - iounmap(tpci200->info->cfg_regs);
> + if (tpci200->info->cfg_regs)
> + iounmap(tpci200->info->cfg_regs);
> out_err_ioremap:
> pci_release_region(pdev, TPCI200_CFG_MEM_BAR);
> out_err_pci_request:
Attachment:
signature.asc
Description: This is a digitally signed message part