mips: cdmm: fix use-after-free in mips_cdmm_bus_discover

[ Upstream commit f0e8224 ] kfree(dev) has been called inside put_device so anther kfree would cause a use-after-free bug/ Fixes: 8286ae0 ("MIPS: Add CDMM bus support") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com> Acked-by: Serge Semin <fancer.lancer@gmail.com> Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Signed-off-by: Sasha Levin <sashal@kernel.org>
xanmod · Dec 30, 2020 · 1108b0f · 1108b0f
1 parent e7fd18c
commit 1108b0f
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/drivers/bus/mips_cdmm.c b/drivers/bus/mips_cdmm.c
@@ -559,10 +559,8 @@ static void mips_cdmm_bus_discover(struct mips_cdmm_bus *bus)
 		dev_set_name(&dev->dev, "cdmm%u-%u", cpu, id);
 		++id;
 		ret = device_register(&dev->dev);
-		if (ret) {
+		if (ret)
 			put_device(&dev->dev);
-			kfree(dev);
-		}
 	}
 }