mainline inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4AH11?from=project-issue CVE: NA int driver/md/md.c, if the function autorun_array() is called, first called do_md_run() and then do_md_stop(), this time, the pointer mddev->private may be double free Signed-off-by: zhangyue <zhangyue1@kylinos.cn> --- drivers/md/md.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/md/md.c b/drivers/md/md.c index 4406bb137a27..aa204ec74066 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -6000,8 +6000,10 @@ static void __md_stop(struct mddev *mddev) spin_lock(&mddev->lock); mddev->pers = NULL; spin_unlock(&mddev->lock); - pers->free(mddev, mddev->private); - mddev->private = NULL; + if (mddev->private) { + pers->free(mddev, mddev->private); + mddev->private = NULL; + } if (pers->sync_request && mddev->to_remove == NULL) mddev->to_remove = &md_redundancy_group; module_put(pers->owner); -- 2.30.0