rproc_alloc_firmware() (called by rproc_alloc()) can allocate
rproc->firmware using kstrdup_const() and therefore should be freed
using kfree_const(); however, rproc_set_firmware() frees it using the
simple kfree(). This causes a kernel oops if a constant string is passed
to rproc_alloc() and rproc_set_firmware() is subsequently called.
Fix the above issue by using kfree_const() to free rproc->firmware in
rproc_set_firmware().
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@intel.com>
Link: https://lore.kernel.org/r/20210118165904.719999-1-daniele.alessandrelli@linux.intel.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
goto out;
}
- kfree(rproc->firmware);
+ kfree_const(rproc->firmware);
rproc->firmware = p;
out: