[bug report] rapidio: add mport char device driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Alexandre Bounine,

The patch e8de370188d0: "rapidio: add mport char device driver" from
Mar 22, 2016, leads to the following Smatch static checker warning:

	drivers/rapidio/devices/rio_mport_cdev.c:2185 mport_mm_close()
	error: dereferencing freed memory 'map'

drivers/rapidio/devices/rio_mport_cdev.c
    2178 static void mport_mm_close(struct vm_area_struct *vma)
    2179 {
    2180         struct rio_mport_mapping *map = vma->vm_private_data;
    2181 
    2182         rmcd_debug(MMAP, "%pad", &map->phys_addr);
    2183         mutex_lock(&map->md->buf_mutex);
    2184         kref_put(&map->ref, mport_release_mapping);
                                     ^^^^^^^^^^^^^^^^^^^^^
The mport_release_mapping() function frees "map".

--> 2185         mutex_unlock(&map->md->buf_mutex);
                               ^^^
Use after free.

    2186 }

regards,
dan carpenter
[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux