This patch fixes a use-after-free bug that can cause a kernel oops. If slic_card_init fails then slic_entry_probe (the pci probe() function for this device) will return error without cleaning up memory. Signed-off-by: David Matlack <dmatlack@xxxxxxxxxx> --- drivers/staging/slicoss/slicoss.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/drivers/staging/slicoss/slicoss.c b/drivers/staging/slicoss/slicoss.c index e27b88f..6113b90 100644 --- a/drivers/staging/slicoss/slicoss.c +++ b/drivers/staging/slicoss/slicoss.c @@ -3595,7 +3595,6 @@ static int slic_entry_probe(struct pci_dev *pcidev, struct net_device *netdev; struct adapter *adapter; void __iomem *memmapped_ioaddr = NULL; - u32 status = 0; ulong mmio_start = 0; ulong mmio_len = 0; struct sliccard *card = NULL; @@ -3686,16 +3685,11 @@ static int slic_entry_probe(struct pci_dev *pcidev, adapter->allocated = 1; } - status = slic_card_init(card, adapter); + err = slic_card_init(card, adapter); + if (err) + goto err_out_unmap; - if (status != 0) { - card->state = CARD_FAIL; - adapter->state = ADAPT_FAIL; - adapter->linkstate = LINK_DOWN; - dev_err(&pcidev->dev, "FAILED status[%x]\n", status); - } else { - slic_adapter_set_hwaddr(adapter); - } + slic_adapter_set_hwaddr(adapter); netdev->base_addr = (unsigned long)adapter->memorybase; netdev->irq = adapter->irq; @@ -3712,7 +3706,7 @@ static int slic_entry_probe(struct pci_dev *pcidev, cards_found++; - return status; + return 0; err_out_unmap: iounmap(memmapped_ioaddr); -- 1.9.2 _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel