On Tue, Dec 20, 2022 at 03:22:07PM +0530, Manivannan Sadhasivam wrote:
> This is a genuine use-after-free bug that happens because the edac core frees
> the memory assigned to "llcc_driv_data" pointer that gets passed as "pvt_info".
>
> Here, the LLCC driver is one creating the "qcom_llcc_edac" platform device and
> also allocating memory for "llcc_driv_data". But since during qcom_edac driver
> removal, we are just unregistering the driver and the platform device still
> stays around, the edac driver is not supposed to free any memory associated
> with the platform device.
If you mean
__edac_device_free_ctl_info()
it is very well supposed to free it as it allocates it in
edac_device_alloc_ctl_info().
If qcom_llcc_edac_probe() simply goes and assigns something of its own
to edev_ctl->pvt_info, then that driver gets to keep the pieces ofc.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
