1. Patchew
  2. linux
  3. [PATCH 0/2] EDAC/igen6: Avoid segmentation fault and add polling support
  4. View patch

[PATCH 1/2] EDAC/igen6: Avoid segmentation fault when rmmod

Orange Kao posted 2 patches 3 weeks, 1 day ago
There is a newer version of this series
[PATCH 1/2] EDAC/igen6: Avoid segmentation fault when rmmod
Posted by Orange Kao 3 weeks, 1 day ago 
The segmentation fault happens because

During modprobe:
1. In igen6_probe(), igen6_pvt will be allocated with kzalloc()
2. In igen6_register_mci(), mci->pvt_info will point to
   &igen6_pvt->imc[mc]

During rmmod:
1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info)
2. In igen6_remove(), it will kfree(igen6_pvt);

And that caused double kfree on the same memory address. My proposal is to set
mci->pvt_info to NULL to avoid double-kfree.
---
 drivers/edac/igen6_edac.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/edac/igen6_edac.c b/drivers/edac/igen6_edac.c
index 189a2fc29e74..07dacf8c10be 100644
--- a/drivers/edac/igen6_edac.c
+++ b/drivers/edac/igen6_edac.c
@@ -1245,6 +1245,7 @@ static int igen6_register_mci(int mc, u64 mchbar, struct pci_dev *pdev)
 	imc->mci = mci;
 	return 0;
 fail3:
+	mci->pvt_info = NULL;
 	kfree(mci->ctl_name);
 fail2:
 	edac_mc_free(mci);
@@ -1269,6 +1270,7 @@ static void igen6_unregister_mcis(void)
 
 		edac_mc_del_mc(mci->pdev);
 		kfree(mci->ctl_name);
+		mci->pvt_info = NULL;
 		edac_mc_free(mci);
 		iounmap(imc->window);
 	}
-- 
2.47.0
RE: [PATCH 1/2] EDAC/igen6: Avoid segmentation fault when rmmod
Posted by Zhuo, Qiuxu 3 weeks, 1 day ago 
> From: Orange Kao <orange@aiven.io>
> [...]
> Subject: [PATCH 1/2] EDAC/igen6: Avoid segmentation fault when rmmod

This is a bug. Let's fix it. Suggested subject as fellow:

    EDAC/igen6: Fix segmentation fault when rmmod

> The segmentation fault happens because
> During modprobe:
> 1. In igen6_probe(), igen6_pvt will be allocated with kzalloc() 2. In
> igen6_register_mci(), mci->pvt_info will point to
>    &igen6_pvt->imc[mc]
> 
> During rmmod:
> 1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info) 2. In
> igen6_remove(), it will kfree(igen6_pvt);
> 
> And that caused double kfree on the same memory address. 
> My proposal is to set
> mci->pvt_info to NULL to avoid double-kfree.

Please change the last sentence to:

  Fix this issue by setting mci->pvt_info to NULL to avoid the double kfree.

And append the following tags here:

  Fixes: 10590a9d4f23 ("EDAC/igen6: Add EDAC driver for Intel client SoCs using IBECC")
  Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219360
  Signed-off-by: Orange Kao <orange@aiven.io>

Thanks!
-Qiuxu

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.