Commit 0f9b011d authored by Christophe JAILLET, committed by Greg Kroah-Hartman

driver core: bus: Fix a potential double free

The .release function of driver_ktype is 'driver_release()'.
This function frees the container_of this kobject.

So, this memory must not be freed explicitly in the error handling path of
'bus_add_driver()'. Otherwise a double free will occur.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 7521621e
...@@ -698,7 +698,7 @@ int bus_add_driver(struct device_driver *drv) ...@@ -698,7 +698,7 @@ int bus_add_driver(struct device_driver *drv)
out_unregister: out_unregister:
kobject_put(&priv->kobj); kobject_put(&priv->kobj);
kfree(drv->p); /* drv->p is freed in driver_release() */
drv->p = NULL; drv->p = NULL;
out_put_bus: out_put_bus:
bus_put(bus); bus_put(bus);
......
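Review bot: The comment that replaces kfree(drv->p) under out_unregister sits after kobject_put(&priv->kobj), but that call is the one that drops the reference and leads to driver_release(), so the comment would be clearer placed directly above it, for example "/* drv->p is freed in driver_release() via kobject_put() */". The retained "drv->p = NULL;" is the right thing to keep, since it stops the caller from holding a stale pointer to memory now owned by the kobject release path. The message carries Cc: stable but no Fixes: tag; adding one would tell the stable maintainers how far back the double free needs to be fixed.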