On Fri, Jul 07, 2023 at 04:47:12PM +0300, Anastasia Belova wrote: > Gasket common interrupt module was deleted in version 5.13, > but there is possible double free in versions 4.19-5.12. > > gasket_dev->interrupt_data should be NULL when > gasket_interrupt_init returns error. For example, > it is necessary in gasket_enable_device to avoid > double free. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 9a69f5087ccc ("drivers/staging: Gasket driver framework + Apex driver") > Signed-off-by: Anastasia Belova <abelova@xxxxxxxxxxxxx> > --- > drivers/staging/gasket/gasket_interrupt.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/staging/gasket/gasket_interrupt.c b/drivers/staging/gasket/gasket_interrupt.c > index 864342acfd86..24fa5df0628b 100644 > --- a/drivers/staging/gasket/gasket_interrupt.c > +++ b/drivers/staging/gasket/gasket_interrupt.c > @@ -337,6 +337,7 @@ int gasket_interrupt_init(struct gasket_dev *gasket_dev) > sizeof(*interrupt_data->eventfd_ctxs), GFP_KERNEL); > if (!interrupt_data->eventfd_ctxs) { > kfree(interrupt_data); > + gasket_dev->interrupt_data = NULL; > return -ENOMEM; > } > > @@ -346,6 +347,7 @@ int gasket_interrupt_init(struct gasket_dev *gasket_dev) > if (!interrupt_data->interrupt_counts) { > kfree(interrupt_data->eventfd_ctxs); > kfree(interrupt_data); > + gasket_dev->interrupt_data = NULL; > return -ENOMEM; > } > > -- > 2.30.2 > As this can never happen in real life, and no one is using this code, I'm going to ignore this patch for now, sorry. greg k-h
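Review bot: In the first hunk (the `eventfd_ctxs` allocation failure path at `@@ -337`), the added `gasket_dev->interrupt_data = NULL;` is only needed because the device structure evidently already points at `interrupt_data` before the sub-allocations have succeeded. Consider assigning `gasket_dev->interrupt_data` only after every allocation in `gasket_interrupt_init` has succeeded, so that no error path can leave a stale pointer behind. The changelog also names `gasket_enable_device` only as an example; it should state which path frees the pointer a second time, so the double free can be checked against the 4.19-5.12 trees it mentions.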
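Review bot: In the second hunk (the `interrupt_counts` allocation failure path at `@@ -346`), the cleanup now repeats `kfree(interrupt_data);` followed by `gasket_dev->interrupt_data = NULL;` from the previous error branch. A shared unwind label reached with `goto` would keep the free and the NULL assignment in one place, so that an error path added to this function later cannot omit the reset.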