2021-02-28 01:37:18

by Shawn Guo

[permalink] [raw]
Subject: [PATCH] cpufreq: qcom-hw: fix dereferencing freed memory 'data'

Commit 67fc209b527d ("cpufreq: qcom-hw: drop devm_xxx() calls from
init/exit hooks") introduces an issue of dereferencing freed memory
'data'. Fix it.

Fixes: 67fc209b527d ("cpufreq: qcom-hw: drop devm_xxx() calls from init/exit hooks")
Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: Shawn Guo <[email protected]>
---
Viresh,

The issue was introduced by v2 of "cpufreq: qcom-hw: drop devm_xxx()
calls from init/exit hooks", which misses the conversion of 'data->base'
in error path. Sorry!

Shawn

drivers/cpufreq/qcom-cpufreq-hw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/cpufreq/qcom-cpufreq-hw.c b/drivers/cpufreq/qcom-cpufreq-hw.c
index d3c23447b892..bee5d67a8227 100644
--- a/drivers/cpufreq/qcom-cpufreq-hw.c
+++ b/drivers/cpufreq/qcom-cpufreq-hw.c
@@ -374,7 +374,7 @@ static int qcom_cpufreq_hw_cpu_init(struct cpufreq_policy *policy)
error:
kfree(data);
unmap_base:
- iounmap(data->base);
+ iounmap(base);
release_region:
release_mem_region(res->start, resource_size(res));
return ret;
--
2.17.1


2021-03-01 06:09:18

by Viresh Kumar

[permalink] [raw]
Subject: Re: [PATCH] cpufreq: qcom-hw: fix dereferencing freed memory 'data'

On 28-02-21, 09:33, Shawn Guo wrote:
> Commit 67fc209b527d ("cpufreq: qcom-hw: drop devm_xxx() calls from
> init/exit hooks") introduces an issue of dereferencing freed memory
> 'data'. Fix it.
>
> Fixes: 67fc209b527d ("cpufreq: qcom-hw: drop devm_xxx() calls from init/exit hooks")
> Reported-by: kernel test robot <[email protected]>
> Reported-by: Dan Carpenter <[email protected]>
> Signed-off-by: Shawn Guo <[email protected]>
> ---
> Viresh,
>
> The issue was introduced by v2 of "cpufreq: qcom-hw: drop devm_xxx()
> calls from init/exit hooks", which misses the conversion of 'data->base'
> in error path. Sorry!
>
> Shawn
>
> drivers/cpufreq/qcom-cpufreq-hw.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/cpufreq/qcom-cpufreq-hw.c b/drivers/cpufreq/qcom-cpufreq-hw.c
> index d3c23447b892..bee5d67a8227 100644
> --- a/drivers/cpufreq/qcom-cpufreq-hw.c
> +++ b/drivers/cpufreq/qcom-cpufreq-hw.c
> @@ -374,7 +374,7 @@ static int qcom_cpufreq_hw_cpu_init(struct cpufreq_policy *policy)
> error:
> kfree(data);
> unmap_base:
> - iounmap(data->base);
> + iounmap(base);
> release_region:
> release_mem_region(res->start, resource_size(res));
> return ret;

Applied. Thanks.
--
viresh