There is invalid error code check of register_chrdev() in megaraid_init().
register_chrdev() returns negative code in case of error,
as a result current code can try to unregister_chrdev() with error code
instead of major that may lead to unregistering somebody else's chardev.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>
---
drivers/scsi/megaraid.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c
index 9d05302a3bcd..ded082942ca0 100644
--- a/drivers/scsi/megaraid.c
+++ b/drivers/scsi/megaraid.c
@@ -4702,7 +4702,7 @@ static int __init megaraid_init(void)
* major number allocation.
*/
major = register_chrdev(0, "megadev_legacy", &megadev_fops);
- if (!major) {
+ if (major < 0) {
printk(KERN_WARNING
"megaraid: failed to register char device\n");
}
@@ -4715,7 +4715,10 @@ static void __exit megaraid_exit(void)
/*
* Unregister the character device interface to the driver.
*/
- unregister_chrdev(major, "megadev_legacy");
+ if (major > 0) {
+ unregister_chrdev(major, "megadev_legacy");
+ major = 0;
+ }
pci_unregister_driver(&megaraid_pci_driver);
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
