This is a note to let you know that I've just added the patch titled
mtd: phram: fix a double free issue in error path
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
mtd-phram-fix-a-double-free-issue-in-error-path.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 49c64df880570034308e4a9a49c4bc95cf8cdb33 Mon Sep 17 00:00:00 2001
From: Wen Yang <wenyang@xxxxxxxxxxxxxxxxx>
Date: Wed, 18 Mar 2020 23:31:56 +0800
Subject: mtd: phram: fix a double free issue in error path
From: Wen Yang <wenyang@xxxxxxxxxxxxxxxxx>
commit 49c64df880570034308e4a9a49c4bc95cf8cdb33 upstream.
The variable 'name' is released multiple times in the error path,
which may cause double free issues.
This problem is avoided by adding a goto label to release the memory
uniformly. And this change also makes the code a bit more cleaner.
Fixes: 4f678a58d335 ("mtd: fix memory leaks in phram_setup")
Signed-off-by: Wen Yang <wenyang@xxxxxxxxxxxxxxxxx>
Cc: Joern Engel <joern@xxxxxxxxxxxxxxx>
Cc: Miquel Raynal <miquel.raynal@xxxxxxxxxxx>
Cc: Richard Weinberger <richard@xxxxxx>
Cc: Vignesh Raghavendra <vigneshr@xxxxxx>
Cc: linux-mtd@xxxxxxxxxxxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx
Signed-off-by: Miquel Raynal <miquel.raynal@xxxxxxxxxxx>
Link: https://lore.kernel.org/linux-mtd/20200318153156.25612-1-wenyang@xxxxxxxxxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/mtd/devices/phram.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/drivers/mtd/devices/phram.c
+++ b/drivers/mtd/devices/phram.c
@@ -247,22 +247,25 @@ static int phram_setup(const char *val)
ret = parse_num64(&start, token[1]);
if (ret) {
- kfree(name);
parse_err("illegal start address\n");
+ goto error;
}
ret = parse_num64(&len, token[2]);
if (ret) {
- kfree(name);
parse_err("illegal device length\n");
+ goto error;
}
ret = register_device(name, start, len);
- if (!ret)
- pr_info("%s device: %#llx at %#llx\n", name, len, start);
- else
- kfree(name);
+ if (ret)
+ goto error;
+ pr_info("%s device: %#llx at %#llx\n", name, len, start);
+ return 0;
+
+error:
+ kfree(name);
return ret;
}
Patches currently in stable-queue which might be from wenyang@xxxxxxxxxxxxxxxxx are
queue-4.14/ipmi-fix-hung-processes-in-__get_guid.patch
queue-4.14/mtd-phram-fix-a-double-free-issue-in-error-path.patch
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
Patch "mtd: phram: fix a double free issue in error path" has been added to the 4.14-stable tree
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Patch "mtd: phram: fix a double free issue in error path" has been added to the 4.14-stable tree
- From: <gregkh@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 22 Apr 2020 11:24:43 +0200
- Cc: stable-commits@xxxxxxxxxxxxxxx
- Prev by Date: [PATCH v3] mtd: spi-nor: Add support for s25fs128s1
- Next by Date: Patch "mtd: phram: fix a double free issue in error path" has been added to the 4.19-stable tree
- Previous by thread: [PATCH v3] mtd: spi-nor: Add support for s25fs128s1
- Next by thread: Patch "mtd: phram: fix a double free issue in error path" has been added to the 4.19-stable tree
- Index(es):
 |