lib/test_kmod.c: potential double free in error handling [Linux 5.0]

This Linux kernel change "lib/test_kmod.c: potential double free in error handling" is included in the Linux 5.0 release. This change is authored by Dan Carpenter <dan.carpenter [at] oracle.com> on Fri Feb 1 14:20:58 2019 -0800. The commit for this change in Linux stable tree is db7ddea (patch).

lib/test_kmod.c: potential double free in error handling

There is a copy and paste bug so we set "config->test_driver" to NULL
twice instead of setting "config->test_fs".  Smatch complains that it
leads to a double free:

  lib/test_kmod.c:840 __kmod_config_init() warn: 'config->test_fs' double freed

Link: http://lkml.kernel.org/r/[email protected]
Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress test the module loader")
Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Luis Chamberlain <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

There are 2 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 lib/test_kmod.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/test_kmod.c b/lib/test_kmod.c
index d82d022..9cf7762 100644
--- a/lib/test_kmod.c
+++ b/lib/test_kmod.c
@@ -632,7 +632,7 @@ static void __kmod_config_free(struct test_config *config)
    config->test_driver = NULL;

    kfree_const(config->test_fs);
-   config->test_driver = NULL;
+   config->test_fs = NULL;
 }

 static void kmod_config_free(struct kmod_test_device *test_dev)

Leave a Reply

Your email address will not be published. Required fields are marked *