misc: mic: scif: fix potential double free of scif_dev

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

_scif_init() free scif_dev in the free_sdev erro path,
but _scif_exit will free it again when module exit, it
cause BUG_ON issue,

kernel BUG at mm/slub.c:3944!
invalid opcode: 0000 [#1] SMP KASAN PTI

Set scif_dev to NULL in scif_destroy_scifdev() to fix it.

Cc: Sudeep Dutt <sudeep.dutt@intel.com>
Cc: Ashutosh Dixit <ashutosh.dixit@intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Kefeng Wang and committed by

Greg Kroah-Hartman 6 years ago b0c35cb5 2f0f2441

1 changed file

expand all

drivers

misc

mic

scif

scif_main.c

drivers/misc/mic/scif/scif_main.c

··· 133 133 static void scif_destroy_scifdev(void) 134 134 { 135 135 kfree(scif_dev); 136 + scif_dev = NULL; 136 137 } 137 138 138 139 static int scif_probe(struct scif_hw_dev *sdev)