[PATCH] PCI: endpoint: Fix a double free in __pci_epc_create()

From: Ma Ke
Date: Tue Jan 07 2025 - 02:46:28 EST

Next message: Yosry Ahmed: "[PATCH RESEND 1/2] Revert "mm: zswap: fix race between [de]compression and CPU hotunplug""
Previous message: Yan Zhao: "Re: [PATCH v2 22/24] KVM: TDX: Finalize VM initialization"
In reply to: Markus Elfring: "Re: [PATCH] PCI: endpoint: Fix a double free in __pci_epc_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The put_device(&epc->dev) call will trigger pci_epc_release() which
frees "epc" so the kfree(epc) on the next line is a double free.

Found by code review.

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 5e8cb4033807 ("PCI: endpoint: Add EP core layer to enable EP controller and EP functions")
Signed-off-by: Ma Ke <make24@xxxxxxxxxxx>
---
drivers/pci/endpoint/pci-epc-core.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c
index 46c9a5c3ca14..652350f054cf 100644
--- a/drivers/pci/endpoint/pci-epc-core.c
+++ b/drivers/pci/endpoint/pci-epc-core.c
@@ -818,7 +818,6 @@ __pci_epc_create(struct device *dev, const struct pci_epc_ops *ops,

put_dev:
put_device(&epc->dev);
- kfree(epc);

err_ret:
return ERR_PTR(ret);
--
2.25.1

Next message: Yosry Ahmed: "[PATCH RESEND 1/2] Revert "mm: zswap: fix race between [de]compression and CPU hotunplug""
Previous message: Yan Zhao: "Re: [PATCH v2 22/24] KVM: TDX: Finalize VM initialization"
In reply to: Markus Elfring: "Re: [PATCH] PCI: endpoint: Fix a double free in __pci_epc_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]