    usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten · e28fd56a
    Shuah Khan (Samsung OSG) authored
    In rmmod path, usbip_vudc does platform_device_put() twice, once from
    platform_device_unregister() and then from put_vudc_device().
    
    The second put results in:
    
    BUG kmalloc-2048 (Not tainted): Poison overwritten error or
    BUG: KASAN: use-after-free in kobject_put+0x1e/0x230 if KASAN is
    enabled.
    
    [  169.042156] calling  init+0x0/0x1000 [usbip_vudc] @ 1697
    [  169.042396] =============================================================================
    [  169.043678] probe of usbip-vudc.0 returned 1 after 350 usecs
    [  169.044508] BUG kmalloc-2048 (Not tainted): Poison overwritten
    [  169.044509] -----------------------------------------------------------------------------
    ...
    [  169.057849] INFO: Freed in device_release+0x2b/0x80 age=4223 cpu=3 pid=1693
    [  169.057852] 	kobject_put+0x86/0x1b0
    [  169.057853] 	0xffffffffc0c30a96
    [  169.057855] 	__x64_sys_delete_module+0x157/0x240
    
    Fix it to call platform_device_del() instead and let put_vudc_device() do
    the platform_device_put().
    Reported-by: Randy Dunlap <rdunlap@infradead.org>
    Signed-off-by: Shuah Khan (Samsung OSG) <shuah@kernel.org>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
vudc_main.c 2.47 KB
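
The double put described in the commit message, as an added userspace C model (not code from the commit or the kernel). The `model_*` names are hypothetical stand-ins for the helpers named above, and the model assumes a single reference is still held when the rmmod path starts.

```c
#include <stdio.h>

/* Userspace model only: names mirror the kernel helpers in the commit
 * message, but these are simplified stand-ins, not the kernel code. */
struct model_pdev {
    int refcount;           /* models the embedded kobject reference count */
    int registered;         /* 1 while the device is on the bus */
    int released;           /* 1 once the release callback has "freed" it */
    int puts_after_release; /* puts made on an already-freed object */
};

static void model_put(struct model_pdev *p)
{
    if (p->released) {      /* what KASAN / slab poisoning would flag */
        p->puts_after_release++;
        return;
    }
    if (--p->refcount == 0)
        p->released = 1;    /* device_release() frees the object here */
}

static void model_del(struct model_pdev *p) { p->registered = 0; }

/* In the kernel, platform_device_unregister() is del followed by put. */
static void model_unregister(struct model_pdev *p)
{
    model_del(p);
    model_put(p);
}

/* Models put_vudc_device(): drops the reference taken at allocation. */
static void model_put_vudc_device(struct model_pdev *p) { model_put(p); }

/* Runs the rmmod path; returns the number of puts on a freed object. */
int rmmod_path(int use_fix)
{
    struct model_pdev dev = { .refcount = 1, .registered = 1 };

    if (use_fix)
        model_del(&dev);         /* fixed: remove from the bus only */
    else
        model_unregister(&dev);  /* buggy: del + first put frees it */
    model_put_vudc_device(&dev); /* the one put that should happen */
    return dev.puts_after_release;
}

int main(void)
{
    printf("before: %d, after: %d\n", rmmod_path(0), rmmod_path(1));
    return 0;
}
```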