Re: scsi: pm8001: fix double free in pm8001_pci_probe

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Pan,

> In function pm8001_pci_probe(), on errors that the control flow jumps to
> label err_out_ha_free, function pm8001_free() is called. In pm8001_free(),
> scsi_host_put() is called to release shost, which keeps the return value
> of scsi_host_alloc(). After pm8001_free() returns, kfree() is called to
> free shost again, resulting in a double free bug. This patch removes
> scsi_host_put() from pm8001_free() and explicitly calls scsi_host_put()
> to release Scsi_Host in need.

Applied to 4.14/scsi-queue.

-- 
Martin K. Petersen	Oracle Linux Engineering
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux