[PATCH 1/4] RTC: fix double free in rtc_register_device() error path

Dmitry Torokhov Mon, 20 Jul 2015 16:04:25 -0700

Commit 59cca865f21e9e7beab73fcf79ba4eb776a4c228 correctly noted that naked
kfree() should not be used after failed device_register() call, however,
while it added the needed put_device() it forgot to remove the original
kfree() causing double-free.


Cc: Vasiliy Kulikov <sego...@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torok...@gmail.com>
---
 drivers/rtc/class.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/rtc/class.c b/drivers/rtc/class.c
index ea2a315..eb82ec2 100644
--- a/drivers/rtc/class.c
+++ b/drivers/rtc/class.c
@@ -234,8 +234,9 @@ struct rtc_device *rtc_device_register(const char *name, 
struct device *dev,
 
        err = device_register(&rtc->dev);
        if (err) {
+               /* This will free both memory and the ID */
                put_device(&rtc->dev);
-               goto exit_kfree;
+               goto exit;
        }
 
        rtc_dev_add_device(rtc);
@@ -247,9 +248,6 @@ struct rtc_device *rtc_device_register(const char *name, 
struct device *dev,
 
        return rtc;
 
-exit_kfree:
-       kfree(rtc);
-
 exit_ida:
        ida_simple_remove(&rtc_ida, id);
 
-- 
2.4.3.573.g4eafbef

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH 1/4] RTC: fix double free in rtc_register_device() error path

Reply via email to