From: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Subject: drivers/input/evdev.c: don't kfree() a vmalloc address If kzalloc() failed and then evdev_open_device() fails, evdev_open() will pass a vmalloc'ed pointer to kfree. This might fix https://bugzilla.kernel.org/show_bug.cgi?id=88401, where there was a crash in kfree(). Reported-by: Christian Casteyde <casteyde.christian@xxxxxxx> Cc: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx> Cc: Henrik Rydberg <rydberg@xxxxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- drivers/input/evdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN drivers/input/evdev.c~drivers-input-evdevc-dont-kfree-a-vmalloc-address drivers/input/evdev.c --- a/drivers/input/evdev.c~drivers-input-evdevc-dont-kfree-a-vmalloc-address +++ a/drivers/input/evdev.c @@ -421,7 +421,7 @@ static int evdev_open(struct inode *inod err_free_client: evdev_detach_client(evdev, client); - kfree(client); + kvfree(client); return error; } _ -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html