Searched hist:bc1371c1 (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/drivers/scsi/pm8001/ |
| H A D | pm8001_init.c | bc1371c1 Tue Aug 08 06:40:30 CDT 2017 Pan Bian <bianpan2016@163.com> scsi: pm8001: fix double free in pm8001_pci_probe
In function pm8001_pci_probe(), on errors that the control flow jumps to
label err_out_ha_free, function pm8001_free() is called. In pm8001_free(),
scsi_host_put() is called to release shost, which keeps the return value
of scsi_host_alloc(). After pm8001_free() returns, kfree() is called to
free shost again, resulting in a double free bug. This patch removes
scsi_host_put() from pm8001_free() and explicitly calls scsi_host_put()
to release Scsi_Host in need.
Signed-off-by: Pan Bian <bianpan2016@163.com>
Reviewed-by: Jack Wang <jinpu.wang@profitbricks.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
bc1371c1 Tue Aug 08 06:40:30 CDT 2017 Pan Bian <bianpan2016@163.com> scsi: pm8001: fix double free in pm8001_pci_probe
In function pm8001_pci_probe(), on errors that the control flow jumps to
label err_out_ha_free, function pm8001_free() is called. In pm8001_free(),
scsi_host_put() is called to release shost, which keeps the return value
of scsi_host_alloc(). After pm8001_free() returns, kfree() is called to
free shost again, resulting in a double free bug. This patch removes
scsi_host_put() from pm8001_free() and explicitly calls scsi_host_put()
to release Scsi_Host in need.
Signed-off-by: Pan Bian <bianpan2016@163.com>
Reviewed-by: Jack Wang <jinpu.wang@profitbricks.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|