Re: scsi: pm8001: fix double free in pm8001_pci_probe

From: Martin K. Petersen
Date: Thu Aug 10 2017 - 20:06:04 EST

Next message: Martin K. Petersen: "Re: scsi: mvsas: replace kfree with scsi_host_put"
Previous message: Stephen Rothwell: "Re: linux-next: build failure in the staging tree (Was: kisskb: FAILED linux-next/s390-allmodconfig/s390x Mon Jul 31, 17:24)"
In reply to: Jinpu Wang: "Re: scsi: pm8001: fix double free in pm8001_pci_probe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pan,

> In function pm8001_pci_probe(), on errors that the control flow jumps to
> label err_out_ha_free, function pm8001_free() is called. In pm8001_free(),
> scsi_host_put() is called to release shost, which keeps the return value
> of scsi_host_alloc(). After pm8001_free() returns, kfree() is called to
> free shost again, resulting in a double free bug. This patch removes
> scsi_host_put() from pm8001_free() and explicitly calls scsi_host_put()
> to release Scsi_Host in need.

Applied to 4.14/scsi-queue.

--
Martin K. Petersen Oracle Linux Engineering

Next message: Martin K. Petersen: "Re: scsi: mvsas: replace kfree with scsi_host_put"
Previous message: Stephen Rothwell: "Re: linux-next: build failure in the staging tree (Was: kisskb: FAILED linux-next/s390-allmodconfig/s390x Mon Jul 31, 17:24)"
In reply to: Jinpu Wang: "Re: scsi: pm8001: fix double free in pm8001_pci_probe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]