From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: chenzefeng <chenzefeng2@huawei.com>,
Tony Luck <tony.luck@intel.com>, Sasha Levin <sashal@kernel.org>,
linux-ia64@vger.kernel.org
Subject: [PATCH AUTOSEL 4.4 16/44] ia64:unwind: fix double free for mod->arch.init_unw_table
Date: Sun, 22 Sep 2019 15:00:34 -0400 [thread overview]
Message-ID: <20190922190103.4906-16-sashal@kernel.org> (raw)
In-Reply-To: <20190922190103.4906-1-sashal@kernel.org>
From: chenzefeng <chenzefeng2@huawei.com>
[ Upstream commit c5e5c48c16422521d363c33cfb0dcf58f88c119b ]
The function free_module in file kernel/module.c as follow:
void free_module(struct module *mod) {
......
module_arch_cleanup(mod);
......
module_arch_freeing_init(mod);
......
}
Both module_arch_cleanup and module_arch_freeing_init function
would free the mod->arch.init_unw_table, which cause double free.
Here, set mod->arch.init_unw_table = NULL after remove the unwind
table to avoid double free.
Signed-off-by: chenzefeng <chenzefeng2@huawei.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/ia64/kernel/module.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c
index 36b2c94a8eb5d..14c7184daaf64 100644
--- a/arch/ia64/kernel/module.c
+++ b/arch/ia64/kernel/module.c
@@ -912,8 +912,12 @@ module_finalize (const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, struct module *mo
void
module_arch_cleanup (struct module *mod)
{
- if (mod->arch.init_unw_table)
+ if (mod->arch.init_unw_table) {
unw_remove_unwind_table(mod->arch.init_unw_table);
- if (mod->arch.core_unw_table)
+ mod->arch.init_unw_table = NULL;
+ }
+ if (mod->arch.core_unw_table) {
unw_remove_unwind_table(mod->arch.core_unw_table);
+ mod->arch.core_unw_table = NULL;
+ }
}
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: chenzefeng <chenzefeng2@huawei.com>,
Tony Luck <tony.luck@intel.com>, Sasha Levin <sashal@kernel.org>,
linux-ia64@vger.kernel.org
Subject: [PATCH AUTOSEL 4.4 16/44] ia64:unwind: fix double free for mod->arch.init_unw_table
Date: Sun, 22 Sep 2019 19:00:34 +0000 [thread overview]
Message-ID: <20190922190103.4906-16-sashal@kernel.org> (raw)
In-Reply-To: <20190922190103.4906-1-sashal@kernel.org>
From: chenzefeng <chenzefeng2@huawei.com>
[ Upstream commit c5e5c48c16422521d363c33cfb0dcf58f88c119b ]
The function free_module in file kernel/module.c as follow:
void free_module(struct module *mod) {
......
module_arch_cleanup(mod);
......
module_arch_freeing_init(mod);
......
}
Both module_arch_cleanup and module_arch_freeing_init function
would free the mod->arch.init_unw_table, which cause double free.
Here, set mod->arch.init_unw_table = NULL after remove the unwind
table to avoid double free.
Signed-off-by: chenzefeng <chenzefeng2@huawei.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/ia64/kernel/module.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c
index 36b2c94a8eb5d..14c7184daaf64 100644
--- a/arch/ia64/kernel/module.c
+++ b/arch/ia64/kernel/module.c
@@ -912,8 +912,12 @@ module_finalize (const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, struct module *mo
void
module_arch_cleanup (struct module *mod)
{
- if (mod->arch.init_unw_table)
+ if (mod->arch.init_unw_table) {
unw_remove_unwind_table(mod->arch.init_unw_table);
- if (mod->arch.core_unw_table)
+ mod->arch.init_unw_table = NULL;
+ }
+ if (mod->arch.core_unw_table) {
unw_remove_unwind_table(mod->arch.core_unw_table);
+ mod->arch.core_unw_table = NULL;
+ }
}
--
2.20.1
next prev parent reply other threads:[~2019-09-22 19:04 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-22 19:00 [PATCH AUTOSEL 4.4 01/44] ALSA: hda: Flush interrupts on disabling Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 02/44] ASoC: sgtl5000: Fix charge pump source assignment Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 03/44] dmaengine: bcm2835: Print error in case setting DMA mask fails Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 04/44] leds: leds-lp5562 allow firmware files up to the maximum length Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 05/44] media: dib0700: fix link error for dibx000_i2c_set_speed Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 06/44] media: hdpvr: Add device num check and handling Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 07/44] sched/fair: Fix imbalance due to CPU affinity Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 08/44] sched/core: Fix CPU controller for !RT_GROUP_SCHED Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 09/44] x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 10/44] x86/apic: Soft disable APIC before initializing it Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 11/44] ALSA: hda - Show the fatal CORB/RIRB error more clearly Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 12/44] ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 13/44] media: iguanair: add sanity checks Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 14/44] base: soc: Export soc_device_register/unregister APIs Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 15/44] ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid Sasha Levin
2019-09-22 19:00 ` Sasha Levin [this message]
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 16/44] ia64:unwind: fix double free for mod->arch.init_unw_table Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 17/44] md: don't call spare_active in md_reap_sync_thread if all member devices can't work Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 18/44] md: don't set In_sync if array is frozen Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 19/44] efi: cper: print AER info of PCIe fatal error Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 20/44] media: gspca: zero usb_buf on error Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 21/44] dmaengine: iop-adma: use correct printk format strings Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 22/44] media: omap3isp: Don't set streaming state on random subdevs Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 23/44] net: lpc-enet: fix printk format strings Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 24/44] media: radio/si470x: kill urb on error Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 25/44] media: hdpvr: add terminating 0 at end of string Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 26/44] media: saa7146: add cleanup in hexium_attach() Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 27/44] media: cpia2_usb: fix memory leaks Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 28/44] media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 29/44] media: ov9650: add a sanity check Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 30/44] ACPI / CPPC: do not require the _PSD method Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 31/44] libtraceevent: Change users plugin directory Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 32/44] ACPI: custom_method: fix memory leaks Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 33/44] hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 34/44] md/raid1: fail run raid1 array when active disk less than one Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 35/44] dmaengine: ti: edma: Do not reset reserved paRAM slots Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 36/44] kprobes: Prohibit probing on BUG() and WARN() address Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 37/44] irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 38/44] x86/platform/uv: Fix kmalloc() NULL check routine Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 39/44] ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 40/44] mmc: sdhci: Fix incorrect switch to HS mode Sasha Levin
2019-09-22 19:00 ` [PATCH AUTOSEL 4.4 41/44] libertas: Add missing sentinel at end of if_usb.c fw_table Sasha Levin
2019-09-22 19:01 ` [PATCH AUTOSEL 4.4 42/44] media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() Sasha Levin
2019-09-22 19:01 ` [PATCH AUTOSEL 4.4 43/44] ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 Sasha Levin
2019-09-22 19:01 ` [PATCH AUTOSEL 4.4 44/44] btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190922190103.4906-16-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=chenzefeng2@huawei.com \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tony.luck@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.