linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
@ 2021-05-24  9:32 Lv Yunlong
  2021-05-26 10:04 ` Samuel Iglesias Gonsálvez
  0 siblings, 1 reply; 3+ messages in thread
From: Lv Yunlong @ 2021-05-24  9:32 UTC (permalink / raw)
  To: siglesias, jens.taprogge, gregkh
  Cc: industrypack-devel, linux-kernel, Lv Yunlong

In the out_err_bus_register error branch of tpci200_pci_probe,
tpci200->info->cfg_regs is freed by tpci200_uninstall()->
tpci200_unregister()->pci_iounmap(..,tpci200->info->cfg_regs)
in the first time.

But later, iounmap() is called to free tpci200->info->cfg_regs
again.

My patch sets tpci200->info->cfg_regs to NULL after tpci200_uninstall()
to avoid the double free.

Fixes: cea2f7cdff2af ("Staging: ipack/bridges/tpci200: Use the TPCI200 in big endian mode")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
---
 drivers/ipack/carriers/tpci200.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/ipack/carriers/tpci200.c b/drivers/ipack/carriers/tpci200.c
index ec71063fff76..e1822e87ec3d 100644
--- a/drivers/ipack/carriers/tpci200.c
+++ b/drivers/ipack/carriers/tpci200.c
@@ -596,8 +596,11 @@ static int tpci200_pci_probe(struct pci_dev *pdev,
 
 out_err_bus_register:
 	tpci200_uninstall(tpci200);
+	/* tpci200->info->cfg_regs is unmapped in tpci200_uninstall */
+	tpci200->info->cfg_regs = NULL;
 out_err_install:
-	iounmap(tpci200->info->cfg_regs);
+	if (tpci200->info->cfg_regs)
+		iounmap(tpci200->info->cfg_regs);
 out_err_ioremap:
 	pci_release_region(pdev, TPCI200_CFG_MEM_BAR);
 out_err_pci_request:
-- 
2.25.1




^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
  2021-05-24  9:32 [PATCH] ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe Lv Yunlong
@ 2021-05-26 10:04 ` Samuel Iglesias Gonsálvez
  2021-05-27 12:39   ` Greg KH
  0 siblings, 1 reply; 3+ messages in thread
From: Samuel Iglesias Gonsálvez @ 2021-05-26 10:04 UTC (permalink / raw)
  To: Lv Yunlong, jens.taprogge, gregkh; +Cc: industrypack-devel, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 1747 bytes --]

Hi Lv,

Thanks for the patch!

Patch is,

Acked-by: Samuel Iglesias Gonsalvez <siglesias@igalia.com>

Greg, Would you mind picking this patch series through your char-misc
tree?

Thanks!

Sam

On Mon, 2021-05-24 at 02:32 -0700, Lv Yunlong wrote:
> In the out_err_bus_register error branch of tpci200_pci_probe,
> tpci200->info->cfg_regs is freed by tpci200_uninstall()->
> tpci200_unregister()->pci_iounmap(..,tpci200->info->cfg_regs)
> in the first time.
> 
> But later, iounmap() is called to free tpci200->info->cfg_regs
> again.
> 
> My patch sets tpci200->info->cfg_regs to NULL after
> tpci200_uninstall()
> to avoid the double free.
> 
> Fixes: cea2f7cdff2af ("Staging: ipack/bridges/tpci200: Use the
> TPCI200 in big endian mode")
> Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
> ---
>  drivers/ipack/carriers/tpci200.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/ipack/carriers/tpci200.c
> b/drivers/ipack/carriers/tpci200.c
> index ec71063fff76..e1822e87ec3d 100644
> --- a/drivers/ipack/carriers/tpci200.c
> +++ b/drivers/ipack/carriers/tpci200.c
> @@ -596,8 +596,11 @@ static int tpci200_pci_probe(struct pci_dev
> *pdev,
>  
>  out_err_bus_register:
>         tpci200_uninstall(tpci200);
> +       /* tpci200->info->cfg_regs is unmapped in tpci200_uninstall
> */
> +       tpci200->info->cfg_regs = NULL;
>  out_err_install:
> -       iounmap(tpci200->info->cfg_regs);
> +       if (tpci200->info->cfg_regs)
> +               iounmap(tpci200->info->cfg_regs);
>  out_err_ioremap:
>         pci_release_region(pdev, TPCI200_CFG_MEM_BAR);
>  out_err_pci_request:


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
  2021-05-26 10:04 ` Samuel Iglesias Gonsálvez
@ 2021-05-27 12:39   ` Greg KH
  0 siblings, 0 replies; 3+ messages in thread
From: Greg KH @ 2021-05-27 12:39 UTC (permalink / raw)
  To: Samuel Iglesias Gonsálvez
  Cc: Lv Yunlong, jens.taprogge, industrypack-devel, linux-kernel

On Wed, May 26, 2021 at 12:04:28PM +0200, Samuel Iglesias Gonsálvez wrote:
> Hi Lv,
> 
> Thanks for the patch!
> 
> Patch is,
> 
> Acked-by: Samuel Iglesias Gonsalvez <siglesias@igalia.com>
> 
> Greg, Would you mind picking this patch series through your char-misc
> tree?

Sure, will do.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-05-27 12:39 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-24  9:32 [PATCH] ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe Lv Yunlong
2021-05-26 10:04 ` Samuel Iglesias Gonsálvez
2021-05-27 12:39   ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).