This bug was introduced by commit 92eb77d ("Input: evdev - fall back
to vmalloc for client event buffer").
vzalloc is used to alloc memory as fallback in case of failure
of kzalloc. But err_free_client was not considered on below case.
1. kzalloc fail
2. vzalloc success
3. evdev_open_device fail
4. kfree
So that address checking is needed to call correct free function.
Signed-off-by: Yongtaek Lee <ytk.lee@xxxxxxxxxxx>
Reviewed-by: Daniel Stone <daniels@xxxxxxxxxxxxx>
Reviewed-by: David Herrmann <dh.herrmann@xxxxxxxxx>
Acked-by: David Rientjes <rientjes@xxxxxxxxxx>
---
drivers/input/evdev.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
index ce953d8..f60daa0 100644
--- a/drivers/input/evdev.c
+++ b/drivers/input/evdev.c
@@ -422,7 +422,10 @@ static int evdev_open(struct inode *inode, struct file *file)
err_free_client:
evdev_detach_client(evdev, client);
- kfree(client);
+ if (is_vmalloc_addr(client))
+ vfree(client);
+ else
+ kfree(client);
return error;
}
--
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe linux-input" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
