[PATCH] staging: slicoss: fix free-after-free in slic_entry_remove

David Matlack matlackdavid at gmail.com
Fri May 23 04:25:41 UTC 2014


Fix two trivial free-after-free bugs in slic_entry_remove.

1. Don't iounmap() the same address twice. adapter->slic_regs
(iounmap()'ed in slic_unmap_mmio_space()) and dev->base_addr
(iounmap()'ed in slic_entry_remove()) are the same region.

2. Don't call release_mem_region() and pci_release_regions()
on the same pci_dev struct. They both free pci memory regions.

Signed-off-by: David Matlack <matlackdavid at gmail.com>
---
This patch was originally sent here https://lkml.org/lkml/2014/5/6/3 with
my google.com email address. But due to Google's recent change in DMARC
policies, that patchset was silently dropped for at least some users
(including my personal gmail account). So I'm sending it out now with
my gmail.com account. Let me know if this is an issue. Thanks.

 drivers/staging/slicoss/slicoss.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/drivers/staging/slicoss/slicoss.c b/drivers/staging/slicoss/slicoss.c
index 6113b90..452aa02 100644
--- a/drivers/staging/slicoss/slicoss.c
+++ b/drivers/staging/slicoss/slicoss.c
@@ -2955,8 +2955,6 @@ static void slic_card_cleanup(struct sliccard *card)
 static void slic_entry_remove(struct pci_dev *pcidev)
 {
 	struct net_device *dev = pci_get_drvdata(pcidev);
-	u32 mmio_start = 0;
-	uint mmio_len = 0;
 	struct adapter *adapter = netdev_priv(dev);
 	struct sliccard *card;
 	struct mcast_address *mcaddr, *mlist;
@@ -2965,12 +2963,6 @@ static void slic_entry_remove(struct pci_dev *pcidev)
 	slic_unmap_mmio_space(adapter);
 	unregister_netdev(dev);
 
-	mmio_start = pci_resource_start(pcidev, 0);
-	mmio_len = pci_resource_len(pcidev, 0);
-
-	release_mem_region(mmio_start, mmio_len);
-
-	iounmap((void __iomem *)dev->base_addr);
 	/* free multicast addresses */
 	mlist = adapter->mcastaddrs;
 	while (mlist) {
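Review bot: In the unchanged context at the top of this hunk, slic_unmap_mmio_space(adapter) still runs before unregister_netdev(dev), so once the duplicate iounmap() is gone the single remaining unmap happens while the interface is still registered. If the stop path reached through unregister_netdev() touches adapter->slic_regs, it would do so after the mapping is gone. Consider swapping the two calls in a follow-up so the netdev is unregistered first. Separately, the commit message says pci_release_regions() covers what release_mem_region(mmio_start, mmio_len) did and that dev->base_addr aliases adapter->slic_regs, but neither the pci_release_regions() call nor the base_addr assignment is visible in these hunks; naming the functions where they occur in the commit message would let a reader confirm the double release without opening the file.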
-- 
1.9.2


