On Wed, May 12, 2021 at 11:35:38PM +0200, Christophe JAILLET wrote:
> 'bus->mii_bus' have been allocated with 'devm_mdiobus_alloc_size()' in the
> probe function. So it must not be freed explicitly or there will be a
> double free.
Hi Christophe
[PATCH] net: mdio: Fix a double free issue in the .remove function
Please indicate in the subject which mdio bus driver has a double
free.
Also, octeon_mdiobus_remove() appears to have the same problem.
Andrew
Le 12/05/2021 à 23:44, Andrew Lunn a écrit :
> On Wed, May 12, 2021 at 11:35:38PM +0200, Christophe JAILLET wrote:
>> 'bus->mii_bus' have been allocated with 'devm_mdiobus_alloc_size()' in the
>> probe function. So it must not be freed explicitly or there will be a
>> double free.
>
> Hi Christophe
>
> [PATCH] net: mdio: Fix a double free issue in the .remove function
>
> Please indicate in the subject which mdio bus driver has a double
> free.
Ok, will do.
But looking at [1], it was not not self-explanatory that it was the rule
here :)
>
> Also, octeon_mdiobus_remove() appears to have the same problem.
In fact, even a little worse. It also calls 'mdiobus_free()' in the
error handling path of the probe (which is why my coccinelle script
didn't spot it. It looks for discrepancy between error handling path in
the probe and the remove function. If both are wrong, it looks safe :) )
I'll send another patch for this driver.
CJ
>
> Andrew
>
[1]:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/log/drivers/net/mdio