From: Konstantin Khlebnikov Date: Fri, 14 Dec 2012 11:03:10 +0000 (+0400) Subject: EDAC: Fix kernel panic on module unloading X-Git-Tag: firefly_0821_release~3680^2~1289^2~2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=311bd84247ee0bedae6cdfbfc5e2c3450f9decd1;p=firefly-linux-kernel-4.4.55.git EDAC: Fix kernel panic on module unloading This patch fixes use-after-free and double-free bugs in edac_mc_sysfs_exit(). mci_pdev has single reference and put_device() calls mc_attr_release() which calls kfree(). The following device_del() works with already released memory. An another kfree() in edac_mc_sysfs_exit() releses the same memory again. Great. Signed-off-by: Konstantin Khlebnikov Cc: stable@vger.kernel.org # 3.[67] Cc: Denis Kirjanov Cc: Mauro Carvalho Chehab Link: http://lkml.kernel.org/r/20121214110310.11019.21098.stgit@zurg Signed-off-by: Borislav Petkov --- diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c index de2df92f9c77..a3b0119ecb00 100644 --- a/drivers/edac/edac_mc_sysfs.c +++ b/drivers/edac/edac_mc_sysfs.c @@ -1159,8 +1159,7 @@ int __init edac_mc_sysfs_init(void) void __exit edac_mc_sysfs_exit(void) { - put_device(mci_pdev); device_del(mci_pdev); + put_device(mci_pdev); edac_put_sysfs_subsys(); - kfree(mci_pdev); }