Re: [PATCH] cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path

Next message: David Hildenbrand (Arm): "Re: [PATCH v3 10/13] selftests/mm: skip uffd-stress test when nr_pages_per_cpu is zero"
Previous message: Gary Guo: "Re: [PATCH 10/33] rust: transmute: simplify code with Rust 1.80.0 `split_at_*checked()`"
In reply to: Viresh Kumar: "Re: [PATCH] cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Rafael J. Wysocki

Date: Wed Apr 01 2026 - 10:27:31 EST

On Wed, Apr 1, 2026 at 8:23 AM Viresh Kumar <viresh.kumar@xxxxxxxxxx> wrote:
>
> On 01-04-26, 10:45, Guangshuo Li wrote:
> > When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls
> > kobject_put(&dbs_data->attr_set.kobj).
> >
> > The kobject release callback cpufreq_dbs_data_release() calls
> > gov->exit(dbs_data) and kfree(dbs_data), but the current error path
> > then calls gov->exit(dbs_data) and kfree(dbs_data) again, causing a
> > double free.
> >
> > Keep the direct kfree(dbs_data) for the gov->init() failure path, but
> > after kobject_init_and_add() has been called, let kobject_put() handle
> > the cleanup through cpufreq_dbs_data_release().
> >
> > Fixes: 4ebe36c94aed ("cpufreq: Fix kobject memleak")
> > Cc: stable@xxxxxxxxxxxxxxx
> > Signed-off-by: Guangshuo Li <lgs201920130244@xxxxxxxxx>
> > ---
> > drivers/cpufreq/cpufreq_governor.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
>
> Acked-by: Viresh Kumar <viresh.kumar@xxxxxxxxxx>

Applied as 7.0-rc material, thanks!