mirror-linux/drivers/uio
Guangshuo Li f74c8696f1 uio: uio_pci_generic_sva: fix double free of devm_kzalloc() memory

uio_pci_sva allocates struct uio_pci_sva_dev with devm_kzalloc() in
probe(), but then calls kfree(udev) both on the probe() error path
(label out_free) and again in remove().

Because devm_kzalloc() allocations are devres-managed and are freed
automatically when the device is detached (including after a failing
probe() and during driver unbind), the explicit kfree() can lead to a
double free.

If probe() fails after devm_kzalloc(), the error path frees udev and
devres cleanup will free it again when the core unwinds the partially
bound device. On normal driver removal, remove() frees udev and devres
will free it again when the device is detached.

This issue was identified by a static analysis tool I developed and
confirmed by manual review. Fix by removing the manual kfree() calls
and dropping the now-unused label.

Fixes: 3397c3cd85 ("uio: Add SVA support for PCI devices via uio_pci_generic_sva.c")
Cc: stable <stable@kernel.org>
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
Link: https://patch.msgid.link/20260505150256.614071-1-lgs201920130244@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2026-05-22 12:19:02 +02:00
Kconfig uio: Add SVA support for PCI devices via uio_pci_generic_sva.c 2025-11-26 15:10:39 +01:00
Makefile uio: Add SVA support for PCI devices via uio_pci_generic_sva.c 2025-11-26 15:10:39 +01:00
uio.c uio: replace deprecated mmap hook with mmap_prepare in uio_info 2026-04-05 13:53:44 -07:00
uio_aec.c uio: Constify struct pci_device_id 2025-09-06 15:57:04 +02:00
uio_cif.c uio: Constify struct pci_device_id 2025-09-06 15:57:04 +02:00
uio_dfl.c uio: dfl: add vendor-specific feature id 2023-05-31 19:00:37 +01:00
uio_dmem_genirq.c uio: uio_dmem_genirq: Remove dummy PM handling 2025-09-06 15:57:15 +02:00
uio_fsl_elbc_gpcm.c uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe 2025-10-22 08:00:02 +02:00
uio_hv_generic.c drivers: hv: vmbus: replace deprecated mmap hook with mmap_prepare 2026-04-05 13:53:44 -07:00
uio_mf624.c uio: add missing MODULE_DESCRIPTION() macros 2024-06-04 17:39:12 +02:00
uio_netx.c uio: Constify struct pci_device_id 2025-09-06 15:57:04 +02:00
uio_pci_generic.c Merge 50f09a3dd5 ("Merge tag 'char-misc-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc") into char-misc-next 2021-05-21 09:48:31 +02:00
uio_pci_generic_sva.c uio: uio_pci_generic_sva: fix double free of devm_kzalloc() memory 2026-05-22 12:19:02 +02:00
uio_pdrv_genirq.c uio: uio_pdrv_genirq: Remove dummy PM handling 2025-09-06 15:57:18 +02:00
uio_sercos3.c uio: Constify struct pci_device_id 2025-09-06 15:57:04 +02:00