From: Cengiz Can
To: linux-kernel@vger.kernel.org, Kees Cook, Anton Vorontsov, Colin Cross, Tony Luck
Cc: Cengiz Can
Subject: [PATCH] fs: pstore: fix double-free on ramoops_init_przs
Date: Tue, 7 Jan 2020 14:04:46 +0300
Message-Id: <20200107110445.162404-1-cengiz@kernel.wtf>

According to Coverity scanner (CID 1457526) kfree on ram.c:591 frees
label which has already been freed.

Here's the flow as I have understood (this is my first time reading
pstore's files):

Whenever `persistent_ram_new` fails, it implicitly calls
`persistent_ram_free(prz)` which already does `kfree(prz->label)` and
a `kfree(prz)` consequently.

Removed `kfree(label)` to prevent double-free.

Signed-off-by: Cengiz Can --- fs/pstore/ram.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c index 487ee39b4..e196aa08f 100644 --- a/fs/pstore/ram.c +++ b/fs/pstore/ram.c @@ -588,7 +588,6 @@ static int ramoops_init_przs(const char *name, dev_err(dev, "failed to request %s mem region (0x%zx@0x%llx): %d\n", name, record_size, (unsigned long long)*paddr, err); - kfree(label); while (i > 0) { i--; -- 2.24.1
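
Review bot: dropping `kfree(label)` in the error branch after the dev_err() call is only safe if every failing return of persistent_ram_new() has already stored label in prz->label before persistent_ram_free(prz) runs. The commit message asserts this for "whenever" the call fails, but nothing in the hunk shows it. If any failure path returns before that assignment, this change trades the double-free for a leak of label. Please state in the message which failure paths of persistent_ram_new() were checked, or make the ownership rule explicit, for example by documenting at persistent_ram_new() that it consumes label on both success and failure, so that this caller does not have to guess. A Fixes: tag naming the commit that introduced the `kfree(label)` call would also help stable backports.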