Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Date:   Fri, 20 Nov 2020 17:06:54 +0300
From:   Serge Semin <fancer.lancer@gmail.com>
To:     Qinglang Miao <miaoqinglang@huawei.com>
Cc:     Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
        linux-mips@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
Message-ID: <20201120140654.e3jrnnyqesqbsko3@mobilestation>
References: <20201120074847.31369-1-miaoqinglang@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20201120074847.31369-1-miaoqinglang@huawei.com>
Precedence: bulk

Hello Qinglang

Thanks for the patch. Good catch. Please see a tiny nitpick below.

On Fri, Nov 20, 2020 at 03:48:47PM +0800, Qinglang Miao wrote:
> kfree(dev) has been called inside put_device so anther
> kfree would cause a use-after-free bug/
> 
> Fixes: 8286ae03308c ("MIPS: Add CDMM bus support")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
> ---
>  drivers/bus/mips_cdmm.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/bus/mips_cdmm.c b/drivers/bus/mips_cdmm.c
> index 9f7ed1fcd..e43786c67 100644
> --- a/drivers/bus/mips_cdmm.c
> +++ b/drivers/bus/mips_cdmm.c
> @@ -561,7 +561,6 @@ static void mips_cdmm_bus_discover(struct mips_cdmm_bus *bus)
>  		ret = device_register(&dev->dev);

>  		if (ret) {
>  			put_device(&dev->dev);
> -			kfree(dev);
>  		}

After removing kfree() from here the braces around the if clause
are no more needed in accordance with the kernel coding style.
Please remove them too. Then feel free to add the tag
Acked-by: Serge Semin <fancer.lancer@gmail.com>

-Sergey

>  	}
>  }
> -- 
> 2.23.0
>