From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8D6111710 for ; Mon, 11 Sep 2023 15:19:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D461C433C8; Mon, 11 Sep 2023 15:19:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1694445572; bh=2/2zZFU0tyS1C57lVMxdUsA4MtRGELUdOQwhMIVJwhU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2uulBWAUtdgNXtFhZsd/RnZ0r/IcPPWtoDyVIaL1KOp9jsws6aXf2bIr0Z/ipyD5i AVb26a2rWgtTakDcgs+85GAnPuKQlWnhX0fVuCBJuEDM4KNb6WlTa10ppn98KGgyeK Xxn6mctK+ghcHR7FrzOjarBDewm9/OwJljdamEeI= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Konstantin Meskhidze , Jeff Moyer , Dave Jiang , Sasha Levin , Ivanov Mikhail Subject: [PATCH 6.1 364/600] nvdimm: Fix dereference after free in register_nvdimm_pmu() Date: Mon, 11 Sep 2023 15:46:37 +0200 Message-ID: <20230911134644.427076209@linuxfoundation.org> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20230911134633.619970489@linuxfoundation.org> References: <20230911134633.619970489@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.1-stable review patch. If anyone has any objections, please let me know. ------------------ From: Konstantin Meskhidze [ Upstream commit 08ca6906a4b7e48f8e93b7c1f49a742a415be6d5 ] 'nd_pmu->pmu.attr_groups' is dereferenced in function 'nvdimm_pmu_free_hotplug_memory' call after it has been freed. Because in function 'nvdimm_pmu_free_hotplug_memory' memory pointed by the fields of 'nd_pmu->pmu.attr_groups' is deallocated it is necessary to call 'kfree' after 'nvdimm_pmu_free_hotplug_memory'. Fixes: 0fab1ba6ad6b ("drivers/nvdimm: Add perf interface to expose nvdimm performance stats") Co-developed-by: Ivanov Mikhail Signed-off-by: Konstantin Meskhidze Reviewed-by: Jeff Moyer Link: https://lore.kernel.org/r/20230817114103.754977-1-konstantin.meskhidze@huawei.com Signed-off-by: Dave Jiang Signed-off-by: Sasha Levin --- drivers/nvdimm/nd_perf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvdimm/nd_perf.c b/drivers/nvdimm/nd_perf.c index 14881c4e03e6b..2b6dc80d8fb5b 100644 --- a/drivers/nvdimm/nd_perf.c +++ b/drivers/nvdimm/nd_perf.c @@ -308,8 +308,8 @@ int register_nvdimm_pmu(struct nvdimm_pmu *nd_pmu, struct platform_device *pdev) rc = perf_pmu_register(&nd_pmu->pmu, nd_pmu->pmu.name, -1); if (rc) { - kfree(nd_pmu->pmu.attr_groups); nvdimm_pmu_free_hotplug_memory(nd_pmu); + kfree(nd_pmu->pmu.attr_groups); return rc; } -- 2.40.1