Re: [PATCH -next] scsi: snic: fix double free in snic_tgt_create()
From: Martin K. Petersen
Date: Fri Aug 25 2023 - 17:52:16 EST
On Sat, 19 Aug 2023 08:39:41 +0000, Zhu Wang wrote:
> The commit 41320b18a0e0 ("scsi: snic: Fix possible memory leak if
> device_add() fails") fix the memory leak caused by dev_set_name() when
> device_add() failed. While it did not consider that 'tgt' has already been
> released when put_device(&tgt->dev) is called. We removed kfree(tgt) in
> the error path to avoid double free 'tgt'. And we moved
> put_device(&tgt->dev) after the removed kfree(tgt) to avoid UAF
> (Use-After-Free).
>
> [...]
Applied to 6.5/scsi-fixes, thanks!
[1/1] scsi: snic: fix double free in snic_tgt_create()
https://git.kernel.org/mkp/scsi/c/1bd3a76880b2
--
Martin K. Petersen Oracle Linux Engineering