Commit bc3a0241 authored May 15, 2020 by Jacob Keller Committed by Jeff Kirsher May 28, 2020

ice: fix potential double free in probe unrolling



If ice_init_interrupt_scheme fails, ice_probe will jump to clearing up
the interrupts. This can lead to some static analysis tools such as the
compiler sanitizers complaining about double free problems.

Since ice_init_interrupt_scheme already unrolls internally on failure,
there is no need to call ice_clear_interrupt_scheme when it fails. Add
a new unroll label and use that instead.

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>

parent 072064a4

drivers/net/ethernet/intel/ice/ice_main.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -3418,7 +3418,7 @@ ice_probe(struct pci_dev pdev, const struct pci_device_id __always_unused ent)
		if (err) {
		dev_err(dev, "ice_init_interrupt_scheme failed: %d\n", err);
		err = -EIO;
		goto err_init_interrupt_unroll;
		goto err_init_vsi_unroll;
		}

		/* In case of MSIX we are going to setup the misc vector right here
		@@ -3511,6 +3511,7 @@ err_msix_misc_unroll:
		ice_free_irq_msix_misc(pf);
		err_init_interrupt_unroll:
		ice_clear_interrupt_scheme(pf);
		err_init_vsi_unroll:
		devm_kfree(dev, pf->vsi);
		err_init_pf_unroll:
		ice_deinit_pf(pf);

Admin message