From: Hao Ge
To: shawnguo@kernel.org, s.hauer@pengutronix.de
Cc: kernel@pengutronix.de, festevam@gmail.com, linux-imx@nxp.com, christophe.jaillet@wanadoo.fr, robh@kernel.org, treding@nvidia.com, daniel.baluta@nxp.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, gehao618@163.com, Hao Ge
Subject: [PATCH] firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels()
Date: Sun, 8 Oct 2023 11:29:08 +0800
Message-Id: <20231008032908.11448-1-gehao@kylinos.cn>

dsp_chan->name and chan_name point to the same block of memory; because dev_err still needs to use it, we need to free its memory after use to avoid use_after_free.

Fixes: e527adfb9b7d ("firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()")
Signed-off-by: Hao Ge
--- drivers/firmware/imx/imx-dsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/imx/imx-dsp.c b/drivers/firmware/imx/imx-dsp.c index 508eab346fc6..a48a58e0c61f 100644
--- a/drivers/firmware/imx/imx-dsp.c +++ b/drivers/firmware/imx/imx-dsp.c @@ -114,11 +114,11 @@ static int imx_dsp_setup_channels(struct imx_dsp_ipc *dsp_ipc) dsp_chan->idx = i % 2; dsp_chan->ch = mbox_request_channel_byname(cl, chan_name); if (IS_ERR(dsp_chan->ch)) { - kfree(dsp_chan->name); ret = PTR_ERR(dsp_chan->ch); if (ret != -EPROBE_DEFER) dev_err(dev, "Failed to request mbox chan %s ret %d\n", chan_name, ret); + kfree(dsp_chan->name); goto out; } -- 2.25.1
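
Review bot: In the IS_ERR(dsp_chan->ch) branch, the moved kfree(dsp_chan->name) releases the buffer that dev_err() has just printed as chan_name, but nothing in the code shows that the two names alias; only the commit message says so. Use one identifier for both (for example print dsp_chan->name in the dev_err() call) or add a one-line comment above the kfree(), so a later cleanup does not move the free back above the log call. The out: label lies outside this hunk, so it is also worth confirming that the error path does not free dsp_chan->name for this index a second time; setting dsp_chan->name = NULL right after the kfree() would make that safe either way.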