2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------ From: Ben Hutchings <[email protected]> commit 0f12a4e29368a9476076515881d9ef4e5876c6e2 upstream. Commit 280c73d ("PCI: centralize the capabilities code in pci-sysfs.c") changed the initialisation of the "rom" and "vpd" attributes, and made the failure path for the "vpd" attribute incorrect. We must free the new attribute structure (attr), but instead we currently free dev->vpd->attr. That will normally be NULL, resulting in a memory leak, but it might be a stale pointer, resulting in a double-free. Found by inspection; compile-tested only. Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: Jesse Barnes <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Andi Kleen <[email protected]> --- drivers/pci/pci-sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: linux-2.6.35.y/drivers/pci/pci-sysfs.c =================================================================== --- linux-2.6.35.y.orig/drivers/pci/pci-sysfs.c 2011-03-29 22:50:37.342302922 -0700 +++ linux-2.6.35.y/drivers/pci/pci-sysfs.c 2011-03-29 23:03:02.539235198 -0700 @@ -1018,7 +1018,7 @@ attr->write = write_vpd_attr; retval = sysfs_create_bin_file(&dev->dev.kobj, attr); if (retval) { - kfree(dev->vpd->attr); + kfree(attr); return retval; } dev->vpd->attr = attr; _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
