driver core: bus: Fix a potential double free

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The .release function of driver_ktype is 'driver_release()'.
This function frees the container_of this kobject.

So, this memory must not be freed explicitly in the error handling path of
'bus_add_driver()'. Otherwise a double free will occur.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Christophe JAILLET and committed by

Greg Kroah-Hartman 8 years ago 0f9b011d 7521621e

+1 -1

1 changed file

expand all

drivers

base

bus.c

+1 -1

drivers/base/bus.c

··· 698 698 699 699 out_unregister: 700 700 kobject_put(&priv->kobj); 701 - kfree(drv->p); 701 + /* drv->p is freed in driver_release() */ 702 702 drv->p = NULL; 703 703 out_put_bus: 704 704 bus_put(bus);