mirror of https://github.com/torvalds/linux.git
add4c48503
When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation, when the state machine enters the bfad_sm_stopping state and calls the bfad_im_probe_undo() function, it attempts to free the memory pointed to by bfad->im again, thereby triggering a double-free vulnerability. Set bfad->im to NULL if probing fails. Signed-off-by: jackysliu <1972843537@qq.com> Link: https://lore.kernel.org/r/tencent_3BB950D6D2D470976F55FC879206DE0B9A09@qq.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> |
||
|---|---|---|
| .. | ||
| Makefile | ||
| bfa.h | ||
| bfa_core.c | ||
| bfa_cs.h | ||
| bfa_defs.h | ||
| bfa_defs_fcs.h | ||
| bfa_defs_svc.h | ||
| bfa_fc.h | ||
| bfa_fcbuild.c | ||
| bfa_fcbuild.h | ||
| bfa_fcpim.c | ||
| bfa_fcpim.h | ||
| bfa_fcs.c | ||
| bfa_fcs.h | ||
| bfa_fcs_fcpim.c | ||
| bfa_fcs_lport.c | ||
| bfa_fcs_rport.c | ||
| bfa_hw_cb.c | ||
| bfa_hw_ct.c | ||
| bfa_ioc.c | ||
| bfa_ioc.h | ||
| bfa_ioc_cb.c | ||
| bfa_ioc_ct.c | ||
| bfa_modules.h | ||
| bfa_plog.h | ||
| bfa_port.c | ||
| bfa_port.h | ||
| bfa_svc.c | ||
| bfa_svc.h | ||
| bfad.c | ||
| bfad_attr.c | ||
| bfad_bsg.c | ||
| bfad_bsg.h | ||
| bfad_debugfs.c | ||
| bfad_drv.h | ||
| bfad_im.c | ||
| bfad_im.h | ||
| bfi.h | ||
| bfi_ms.h | ||
| bfi_reg.h | ||