Commit 4ddd3a86 authored Jan 02, 2025 by Orange Kao Committed by Ye Bin Jan 02, 2025

EDAC/igen6: Avoid segmentation fault on module unload

stable inclusion
from stable-v6.6.64
commit 830cabb61113d92a425dd3038ccedbdfb3c8d079
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEDPH
CVE: CVE-2024-56708

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=830cabb61113d92a425dd3038ccedbdfb3c8d079

--------------------------------

[ Upstream commit fefaae90398d38a1100ccd73b46ab55ff4610fba ]

The segmentation fault happens because:

During modprobe:
1. In igen6_probe(), igen6_pvt will be allocated with kzalloc()
2. In igen6_register_mci(), mci->pvt_info will point to
   &igen6_pvt->imc[mc]

During rmmod:
1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info)
2. In igen6_remove(), it will kfree(igen6_pvt);

Fix this issue by setting mci->pvt_info to NULL to avoid the double
kfree.

Fixes: 10590a9d ("EDAC/igen6: Add EDAC driver for Intel client SoCs using IBECC")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219360


Signed-off-by: Orange Kao <orange@aiven.io>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Link: https://lore.kernel.org/r/20241104124237.124109-2-orange@aiven.io


Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Ye Bin <yebin10@huawei.com>

parent 1e531b83

drivers/edac/igen6_edac.c

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1075,6 +1075,7 @@ static int igen6_register_mci(int mc, u64 mchbar, struct pci_dev *pdev)
	imc->mci = mci;		imc->mci = mci;
	return 0;		return 0;
	fail3:		fail3:
			mci->pvt_info = NULL;
	kfree(mci->ctl_name);		kfree(mci->ctl_name);
	fail2:		fail2:
	edac_mc_free(mci);		edac_mc_free(mci);
	@@ -1099,6 +1100,7 @@ static void igen6_unregister_mcis(void)

	edac_mc_del_mc(mci->pdev);		edac_mc_del_mc(mci->pdev);
	kfree(mci->ctl_name);		kfree(mci->ctl_name);
			mci->pvt_info = NULL;
	edac_mc_free(mci);		edac_mc_free(mci);
	iounmap(imc->window);		iounmap(imc->window);
	}		}