Re: [PATCH] cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

Next message: Yongxing Mou: "Re: [PATCH v3 15/38] drm/msm/dp: use stream_id to change offsets in dp_catalog"
Previous message: Wentao Guan: "Re: [PATCH 6.18 000/309] 6.18.21-rc1 review"
Next in thread: Rafael J. Wysocki: "Re: [PATCH] cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Viresh Kumar

Date: Wed Apr 01 2026 - 02:27:03 EST

On 01-04-26, 10:45, Guangshuo Li wrote:
> When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls
> kobject_put(&dbs_data->attr_set.kobj).
>
> The kobject release callback cpufreq_dbs_data_release() calls
> gov->exit(dbs_data) and kfree(dbs_data), but the current error path
> then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a
> double free.
>
> Keep the direct kfree(dbs_data) for the gov->init() failure path, but
> after kobject_init_and_add() has been called, let kobject_put() handle
> the cleanup through cpufreq_dbs_data_release().
>
> Fixes: 4ebe36c94aed ("cpufreq: Fix kobject memleak")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Guangshuo Li <lgs201920130244@xxxxxxxxx>
> ---
> drivers/cpufreq/cpufreq_governor.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)

Acked-by: Viresh Kumar <viresh.kumar@xxxxxxxxxx>

--
viresh