Commit 1875ed81 authored by Christophe JAILLET's avatar Christophe JAILLET Committed by Greg Kroah-Hartman

driver core: bus: Fix a potential double free

commit 0f9b011d upstream.

The .release function of driver_ktype is 'driver_release()'.
This function frees the container_of this kobject.

So, this memory must not be freed explicitly in the error handling path of
'bus_add_driver()'. Otherwise a double free will occur.
Signed-off-by: default avatarChristophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent f3584d55
...@@ -737,7 +737,7 @@ int bus_add_driver(struct device_driver *drv) ...@@ -737,7 +737,7 @@ int bus_add_driver(struct device_driver *drv)
out_unregister: out_unregister:
kobject_put(&priv->kobj); kobject_put(&priv->kobj);
kfree(drv->p); /* drv->p is freed in driver_release() */
drv->p = NULL; drv->p = NULL;
out_put_bus: out_put_bus:
bus_put(bus); bus_put(bus);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment