tipc: fix a double free in tipc_enable_bearer()

[ Upstream commit dc4501ff ] bearer_disable() already calls kfree_rcu() to free struct tipc_bearer, we don't need to call kfree() again. Fixes: cb30a633 ("tipc: refactor function tipc_enable_bearer()") Reported-by: syzbot+b981acf1fb240c0c128b@syzkaller.appspotmail.com Cc: Ying Xue <ying.xue@windriver.com> Cc: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: N Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

tipc: fix a double free in tipc_enable_bearer()
[ Upstream commit dc4501ff ] bearer_disable() already calls kfree_rcu() to free struct tipc_bearer, we don't need to call kfree() again. Fixes: cb30a633 ("tipc: refactor function tipc_enable_bearer()") Reported-by: syzbot+b981acf1fb240c0c128b@syzkaller.appspotmail.com Cc: Ying Xue <ying.xue@windriver.com> Cc: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: N Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
86ae1c8b · Cong Wang · Xie XiuQi · 10795b0f · 86ae1c8b
隐藏空白更改
内联并排

Showing with 0 addition and 1 deletion

net/tipc/bearer.c net/tipc/bearer.c +0 -1

未找到文件。
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -317,7 +317,6 @@ static int tipc_enable_bearer(struct net *net, const char *name,
 	res = tipc_disc_create(net, b, &b->bcast_addr, &skb);
 	if (res) {
 		bearer_disable(net, b);
-		kfree(b);
 		errstr = "failed to create discoverer";
 		goto rejected;
 	}