Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp3758227ybh;
        Tue, 6 Aug 2019 00:49:00 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzFQXfI14/P94lRAuM6QhBjrU+J8CVMVoKHs29yNp+J2fSsGvo2YZu9+7xzEUGGrnTQZQJH
X-Received: by 2002:aa7:940c:: with SMTP id x12mr2361565pfo.80.1565077740739;
        Tue, 06 Aug 2019 00:49:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565077740; cv=none;
        d=google.com; s=arc-20160816;
        b=M8a8hvEmq2MQzMx3l/1UdRIYF840Nnyu2+0GAWyWNG2K6riWkD407sniI2PeP7YCyI
         IOT/PQyKsmrDAzuWJFa0s5Ip9I6eJT4OrB71JSTnoMw/5B2uCon2sfI+ydbIsrXWPkUP
         f0nALhWEQh4dtokr2qNhyUP/IvqlivzBWJ8IN6ynZqSfXNsbPo1JxXM5xh4W1zzHpDUX
         +L54IiB2pfrbTa9xUsgCa6Zs9wVw/8JFaKMF+q1DR66EC1PgIqgoKF5xb22c+Ya4Qjqz
         NX+d+epFDPDketgala8vh2ewiG3dzMzVR1SfbtdneHQFYLB8SmQgH1j2Qst6j7AuHTPk
         3YMA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:date:subject:cc
         :to:from;
        bh=Y+ko5atP/NSXbe42wGi3o4itXPi5r2ICzKU2APPImUw=;
        b=qSRAn1irRC4g3Pbq5cJYCYoOjuBpJgTkdUUlBwX1ES9j8bSznML7qzk2w2gtP88gl8
         sAJ0PGfB6/YykkRh62MqD5o77dMk4EWJ5q/ibhkQ7PYrt1adY8Rm/L/No0dn8W5R42LY
         KNEFkCoQBsoRiX37MEWJk5hczSwgn8rF0XKmNAHXrXR2B2CWXwkqY5hA6fjc5+bDxUpD
         +e3ia2Rw+uABD7GoRHN9P4oNmUT6RftKZ37A7SMAn4gkPF1S1C3cEAUBblY4IrYfuXEL
         JM6sZNkIQD+5tDBRyMX0/8oKYzU6/lOyHChOtJEb0XVmr3NoYKHnffX6L1h4Hb7TbLaO
         4SZQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i69si4910947pgd.184.2019.08.06.00.48.45;
        Tue, 06 Aug 2019 00:49:00 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731851AbfHFHqz (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Tue, 6 Aug 2019 03:46:55 -0400
Received: from szxga04-in.huawei.com ([45.249.212.190]:4180 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726834AbfHFHqz (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 6 Aug 2019 03:46:55 -0400
Received: from DGGEMS401-HUB.china.huawei.com (unknown [172.30.72.60])
        by Forcepoint Email with ESMTP id DEBA29780E0F6E8C051A;
        Tue,  6 Aug 2019 15:46:43 +0800 (CST)
Received: from use12-sp2.huawei.com (10.67.189.177) by
 DGGEMS401-HUB.china.huawei.com (10.3.19.201) with Microsoft SMTP Server id
 14.3.439.0; Tue, 6 Aug 2019 15:46:35 +0800
From:   chenzefeng <chenzefeng2@huawei.com>
To:     <tony.luck@intel.com>, <fenghua.yu@intel.com>,
        <chenzefeng2@huawei.com>
CC:     <linux-ia64@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
        <stable@vger.kernel.org>
Subject: [PATCH] ia64:unwind: fix double free for mod->arch.init_unw_table
Date:   Tue, 6 Aug 2019 15:46:33 +0800
Message-ID: <1565077593-72480-1-git-send-email-chenzefeng2@huawei.com>
X-Mailer: git-send-email 1.8.5.6
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.67.189.177]
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The function free_module in file kernel/module.c as follow:

void free_module(struct module *mod) {
	......
	module_arch_cleanup(mod);
	......
	module_arch_freeing_init(mod);
	......
}

Both module_arch_cleanup and module_arch_freeing_init function
would free the mod->arch.init_unw_table, which cause double free.

Here, set mod->arch.init_unw_table = NULL after remove the unwind
table to avoid double free.

Signed-off-by: chenzefeng <chenzefeng2@huawei.com>
---
 arch/ia64/kernel/module.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c
index 326448f..1a42ba8 100644
--- a/arch/ia64/kernel/module.c
+++ b/arch/ia64/kernel/module.c
@@ -914,10 +914,14 @@ struct plt_entry {
 void
 module_arch_cleanup (struct module *mod)
 {
-	if (mod->arch.init_unw_table)
+	if (mod->arch.init_unw_table) {
 		unw_remove_unwind_table(mod->arch.init_unw_table);
-	if (mod->arch.core_unw_table)
+		mod->arch.init_unw_table = NULL;
+	}
+	if (mod->arch.core_unw_table) {
 		unw_remove_unwind_table(mod->arch.core_unw_table);
+		mod->arch.core_unw_table = NULL;
+	}
 }
 
 void *dereference_module_function_descriptor(struct module *mod, void *ptr)
-- 
1.8.5.6