]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commitdiff
remoteproc: core: Fix rproc->firmware free in rproc_set_firmware()
authorDaniele Alessandrelli <daniele.alessandrelli@intel.com>
Mon, 18 Jan 2021 16:59:04 +0000 (16:59 +0000)
committerBjorn Andersson <bjorn.andersson@linaro.org>
Tue, 9 Feb 2021 22:42:55 +0000 (16:42 -0600)
rproc_alloc_firmware() (called by rproc_alloc()) can allocate
rproc->firmware using kstrdup_const() and therefore should be freed
using kfree_const(); however, rproc_set_firmware() frees it using the
simple kfree(). This causes a kernel oops if a constant string is passed
to rproc_alloc() and rproc_set_firmware() is subsequently called.

Fix the above issue by using kfree_const() to free rproc->firmware in
rproc_set_firmware().

Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@intel.com>
Link: https://lore.kernel.org/r/20210118165904.719999-1-daniele.alessandrelli@linux.intel.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
drivers/remoteproc/remoteproc_core.c

index 2394eef383e351f1083f9ee3bac297249fff9035..ab150765d1243fe24bf91e55eacd10531381fe02 100644 (file)
@@ -1988,7 +1988,7 @@ int rproc_set_firmware(struct rproc *rproc, const char *fw_name)
                goto out;
        }
 
-       kfree(rproc->firmware);
+       kfree_const(rproc->firmware);
        rproc->firmware = p;
 
 out: