If device_add() in stm_register_device() fails, stm_device_release() is called to free stm; freeing stm again on the err_device path will trigger the following warning:
Trying to vfree() nonexistent vm area (0000000054b5e7bc) WARNING: CPU: 0 PID: 6004 at mm/vmalloc.c:1595 __vunmap+0x72/0x480 mm/vmalloc.c:1594 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 6004 Comm: syz-executor.0 Tainted: G C 5.1.0+ #28 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __vfree+0x2a/0x80 mm/vmalloc.c:1658 _vfree+0x49/0x70 mm/vmalloc.c:1688 stm_register_device+0x295/0x330 [stm_core] dummy_stm_init+0xfe/0x1e0 [dummy_stm] do_one_initcall+0xb9/0x3b5 init/main.c:914 do_init_module+0xe0/0x330 kernel/module.c:3468 load_module+0x38eb/0x4270 kernel/module.c:3819 __do_sys_finit_module+0x162/0x190 kernel/module.c:3909 do_syscall_64+0x72/0x2a0 arch/x86/entry/common.c:298 entry_SYSCALL_64_after_hwframe+0x49/0xbe Only free stm once if device_add() fails to fix it. Reported-by: Hulk Robot <hul...@huawei.com> Signed-off-by: Kefeng Wang <wangkefeng.w...@huawei.com> --- drivers/hwtracing/stm/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c index e55b902560de..7b2ab7b2cc4d 100644 --- a/drivers/hwtracing/stm/core.c +++ b/drivers/hwtracing/stm/core.c @@ -864,6 +864,7 @@ static void stm_device_release(struct device *dev) struct stm_device *stm = to_stm_device(dev); vfree(stm); + stm->data->stm = NULL; } int stm_register_device(struct device *parent, struct stm_data *stm_data, @@ -933,7 +934,8 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data, /* matches device_initialize() above */ put_device(&stm->dev); err_free: - vfree(stm); + if (stm->data->stm) + vfree(stm); return err; } -- 2.20.1
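Review bot: In the first hunk (stm_device_release()), the added `stm->data->stm = NULL;` sits after `vfree(stm);`, so it dereferences stm once the memory has already been freed, which turns the double free into a use-after-free. If the back-pointer has to be cleared, do it before the free: either move the assignment above `vfree(stm);` or copy `stm->data` into a local first and write through that after the free.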
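Review bot: In the second hunk (the err_free label in stm_register_device()), the new condition `if (stm->data->stm)` is evaluated after `put_device(&stm->dev);` has fallen through to err_free, and the commit message says that put can run stm_device_release() and free stm, so the check itself reads freed memory. It also relies on stm->data being valid on every path that jumps to err_free, which the hunk does not show. A simpler fix is to stop the fall-through: add `return err;` directly after `put_device(&stm->dev);` so that the err_device path never reaches `vfree(stm);`, and leave err_free as an unconditional free for the paths where the release callback cannot have run.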