| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241101204211.414664-2-orange@aiven.io> Date: Fri, 1 Nov 2024 20:41:13 +0000 From: Orange Kao <orange@...en.io> To: tony.luck@...el.com, qiuxu.zhuo@...el.com Cc: bp@...en8.de, james.morse@....com, orange@...sy.org, linux-edac@...r.kernel.org, linux-kernel@...r.kernel.org, mchehab@...nel.org, rric@...nel.org, Orange Kao <orange@...en.io> Subject: [PATCH 1/2] EDAC/igen6: Avoid segmentation fault when rmmod The segmentation fault happens because During modprobe: 1. In igen6_probe(), igen6_pvt will be allocated with kzalloc() 2. In igen6_register_mci(), mci->pvt_info will point to &igen6_pvt->imc[mc] During rmmod: 1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info) 2. In igen6_remove(), it will kfree(igen6_pvt); And that caused double kfree on the same memory address. My proposal is to set mci->pvt_info to NULL to avoid double-kfree. --- drivers/edac/igen6_edac.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/edac/igen6_edac.c b/drivers/edac/igen6_edac.c index 189a2fc29e74..07dacf8c10be 100644 --- a/drivers/edac/igen6_edac.c +++ b/drivers/edac/igen6_edac.c @@ -1245,6 +1245,7 @@ static int igen6_register_mci(int mc, u64 mchbar, struct pci_dev *pdev) imc->mci = mci; return 0; fail3: + mci->pvt_info = NULL; kfree(mci->ctl_name); fail2: edac_mc_free(mci); @@ -1269,6 +1270,7 @@ static void igen6_unregister_mcis(void) edac_mc_del_mc(mci->pdev); kfree(mci->ctl_name); + mci->pvt_info = NULL; edac_mc_free(mci); iounmap(imc->window); } -- 2.47.0
Powered by blists - more mailing lists