From: J Freyensee Date: Wed, 25 May 2011 21:38:18 +0000 (-0700) Subject: pti: double-free security PTI fix X-Git-Tag: firefly_0821_release~3680^2~5148^2~4 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=29021bccea0dc42d7d101004058438a9a4e693b1;p=firefly-linux-kernel-4.4.55.git pti: double-free security PTI fix This patch fixes a double-free error that will not always be seen unless /dev/pti char interface is stressed. Signed-off-by: J Freyensee Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/misc/pti.c b/drivers/misc/pti.c index bb6f9255c17c..be4857358d91 100644 --- a/drivers/misc/pti.c +++ b/drivers/misc/pti.c @@ -317,7 +317,8 @@ EXPORT_SYMBOL_GPL(pti_request_masterchannel); * a master, channel ID address * used to write to PTI HW. * - * @mc: master, channel apeture ID address to be released. + * @mc: master, channel apeture ID address to be released. This + * will de-allocate the structure via kfree(). */ void pti_release_masterchannel(struct pti_masterchannel *mc) { @@ -581,7 +582,7 @@ static int pti_char_open(struct inode *inode, struct file *filp) static int pti_char_release(struct inode *inode, struct file *filp) { pti_release_masterchannel(filp->private_data); - kfree(filp->private_data); + filp->private_data = NULL; return 0; }