Commit 0efdedfa authored by Donet Tom's avatar Donet Tom Committed by Andrew Morton
Browse files

drivers/base/node: fix double free in register_one_node() 

When device_register() fails in register_node(), it calls
put_device(&node->dev).  This triggers node_device_release(), which calls
kfree(to_node(dev)), thereby freeing the entire node structure.

As a result, when register_node() returns an error, the node memory has
already been freed.  Calling kfree(node) again in register_one_node()
leads to a double free.

This patch removes the redundant kfree(node) from register_one_node() to
prevent the double free.

Link: https://lkml.kernel.org/r/20250918054144.58980-1-donettom@linux.ibm.com


Fixes: 786eb990 ("drivers/base/node: handle error properly in register_one_node()")
Signed-off-by: default avatarDonet Tom <donettom@linux.ibm.com>
Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
Acked-by: default avatarOscar Salvador <osalvador@suse.de>
Cc: Alison Schofield <alison.schofield@intel.com>
Cc: Chris Mason <clm@meta.com>
Cc: Danilo Krummrich <dakr@kernel.org>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Joanthan Cameron <Jonathan.Cameron@huawei.com>
Cc: "Ritesh Harjani (IBM)" <ritesh.list@gmail.com>
Cc: Yury Norov (NVIDIA) <yury.norov@gmail.com>
Cc: Zi Yan <ziy@nvidia.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 4afb85f5

drivers/base/node.c

+0 −1
Original line number Diff line number Diff line
@@ -887,7 +887,6 @@ int register_one_node(int nid) 
	error = register_node(node_devices[nid], nid);

	if (error) {

		node_devices[nid] = NULL;

		kfree(node);

		return error;

	}