-
Li Dongyang authored
We should free hotkey_keycode_map after unregistering tpacpi_inputdev, to aviod use after free like this: [ 99.408388] ============================================================================= [ 99.408393] BUG kmalloc-64 (Not tainted): Poison overwritten [ 99.408394] ----------------------------------------------------------------------------- [ 99.408394] [ 99.408398] INFO: 0xf2751962-0xf2751995. First byte 0x98 instead of 0x6b [ 99.408402] INFO: Allocated in 0xfdc88c28 age=79 cpu=0 pid=1329 [ 99.408407] __slab_alloc.isra.50.constprop.56+0x49f/0x533 [ 99.408410] kmem_cache_alloc_trace+0x10d/0x140 [ 99.408412] 0xfdc88c28 [ 99.408414] 0xfdc898cc [ 99.408417] do_one_initcall+0x112/0x160 [ 99.408420] sys_init_module+0xe6d/0x1bc0 [ 99.408422] sysenter_do_call+0x12/0x28 [ 99.408427] INFO: Freed in hotkey_exit+0x50/0xb0 [thinkpad_acpi] age=14 cpu=1 pid=1333 [ 99.408429] __slab_free+0x3d/0x30b [ 99.408431] kfree+0x129/0x140 [ 99.408435] hotkey_exit+0x50/0xb0 [thinkpad_acpi] [ 99.408438] ibm_exit+0xe3/0x1a0 [thinkpad_acpi] [ 99.408441] thinkpad_acpi_module_exit+0x35/0x208 [thinkpad_acpi] [ 99.408443] sys_delete_module+0x11f/0x280 [ 99.408445] sysenter_do_call+0x12/0x28 [ 99.408447] INFO: Slab 0xf4d5ea20 objects=17 used=17 fp=0x (null) flags=0x40000080 [ 99.408449] INFO: Object 0xf2751960 @offset=2400 fp=0xf2751780 [ 99.408449] [ 99.408452] Bytes b4 f2751950: 64 02 00 00 ae ce fe ff 5a 5a 5a 5a 5a 5a 5a 5a d.......ZZZZZZZZ [ 99.408454] Object f2751960: 6b 6b 98 00 ec 00 8e 00 ee 00 6b 6b e3 00 bf 00 kk........kk.... [ 99.408456] Object f2751970: c2 00 6b 6b 6b 6b cd 00 6b 6b 6b 6b 6b 6b e1 00 ..kkkk..kkkkkk.. [ 99.408458] Object f2751980: e0 00 e4 00 6b 6b 74 01 73 00 72 00 71 00 94 00 ....kkt.s.r.q... [ 99.408460] Object f2751990: 6b 6b 6b 6b f8 00 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkk..kkkkkkkkk. [ 99.408462] Redzone f27519a0: bb bb bb bb .... Signed-off-by:
Li Dongyang <Jerry87905@gmail.com> Signed-off-by:
Matthew Garrett <mjg@redhat.com>
00d39597
