On Mon, 18 Apr 2022 16:57:58 +0800, Hangyu Hua wrote:
> info_release() will be called in device_unregister() when info->dev's
> reference count is 0. So there is no need to call ocxl_afu_put() and
> kfree() again.
>
> Fix this by adding free_minor() and return to err_unregister error path.
>
>
Frederic Barrat writes:
> On 21/04/2022 00:54, Michael Ellerman wrote:
>> Hangyu Hua writes:
>>> info_release() will be called in device_unregister() when info->dev's
>>> reference count is 0. So there is no need to call ocxl_afu_put() and
>>> kfree() again.
>>
>> Double frees are often
On 21/04/2022 00:54, Michael Ellerman wrote:
Hangyu Hua writes:
info_release() will be called in device_unregister() when info->dev's
reference count is 0. So there is no need to call ocxl_afu_put() and
kfree() again.
Double frees are often exploitable. But it looks to me like this error
On 2022/4/21 06:54, Michael Ellerman wrote:
Hangyu Hua writes:
info_release() will be called in device_unregister() when info->dev's
reference count is 0. So there is no need to call ocxl_afu_put() and
kfree() again.
Double frees are often exploitable. But it looks to me like this error
path
Hangyu Hua writes:
> info_release() will be called in device_unregister() when info->dev's
> reference count is 0. So there is no need to call ocxl_afu_put() and
> kfree() again.
Double frees are often exploitable. But it looks to me like this error
path is not easily reachable by an attacker.
On 2022/4/19 17:09, Frederic Barrat wrote:
On 18/04/2022 10:57, Hangyu Hua wrote:
info_release() will be called in device_unregister() when info->dev's
reference count is 0. So there is no need to call ocxl_afu_put() and
kfree() again.
Fix this by adding free_minor() and return to
On 18/04/2022 10:57, Hangyu Hua wrote:
info_release() will be called in device_unregister() when info->dev's
reference count is 0. So there is no need to call ocxl_afu_put() and
kfree() again.
Fix this by adding free_minor() and return to err_unregister error path.
Fixes: 75ca758adbaf
info_release() will be called in device_unregister() when info->dev's
reference count is 0. So there is no need to call ocxl_afu_put() and
kfree() again.
Fix this by adding free_minor() and return to err_unregister error path.
Fixes: 75ca758adbaf ("ocxl: Create a clear delineation between ocxl