Skip to content

Commit 915e34d

Browse files
juru1234kuba-moo
juru1234
authored and
kuba-moo
committed
s390/ism: add release function for struct device
According to device_release() in /drivers/base/core.c, a device without a release function is a broken device and must be fixed. The current code directly frees the device after calling device_add() without waiting for other kernel parts to release their references. Thus, a reference could still be held to a struct device, e.g., by sysfs, leading to potential use-after-free issues if a proper release function is not set. Fixes: 8c81ba2 ("net/smc: De-tangle ism and smc device initialization") Reviewed-by: Alexandra Winter <[email protected]> Reviewed-by: Wenjia Zhang <[email protected]> Signed-off-by: Julian Ruess <[email protected]> Signed-off-by: Alexandra Winter <[email protected]> Reviewed-by: Simon Horman <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
1 parent 07b598c commit 915e34d

File tree

1 file changed

+12
-2
lines changed

1 file changed

+12
-2
lines changed

drivers/s390/net/ism_drv.c

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -588,6 +588,15 @@ static int ism_dev_init(struct ism_dev *ism)
588588
return ret;
589589
}
590590

591+
static void ism_dev_release(struct device *dev)
592+
{
593+
struct ism_dev *ism;
594+
595+
ism = container_of(dev, struct ism_dev, dev);
596+
597+
kfree(ism);
598+
}
599+
591600
static int ism_probe(struct pci_dev *pdev, const struct pci_device_id *id)
592601
{
593602
struct ism_dev *ism;
@@ -601,6 +610,7 @@ static int ism_probe(struct pci_dev *pdev, const struct pci_device_id *id)
601610
dev_set_drvdata(&pdev->dev, ism);
602611
ism->pdev = pdev;
603612
ism->dev.parent = &pdev->dev;
613+
ism->dev.release = ism_dev_release;
604614
device_initialize(&ism->dev);
605615
dev_set_name(&ism->dev, dev_name(&pdev->dev));
606616
ret = device_add(&ism->dev);
@@ -637,7 +647,7 @@ static int ism_probe(struct pci_dev *pdev, const struct pci_device_id *id)
637647
device_del(&ism->dev);
638648
err_dev:
639649
dev_set_drvdata(&pdev->dev, NULL);
640-
kfree(ism);
650+
put_device(&ism->dev);
641651

642652
return ret;
643653
}
@@ -682,7 +692,7 @@ static void ism_remove(struct pci_dev *pdev)
682692
pci_disable_device(pdev);
683693
device_del(&ism->dev);
684694
dev_set_drvdata(&pdev->dev, NULL);
685-
kfree(ism);
695+
put_device(&ism->dev);
686696
}
687697

688698
static struct pci_driver ism_driver = {

0 commit comments

Comments
 (0)