redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers/soundwire
History
Tom Rix fe0278843b soundwire: fix double free of dangling pointer 
[ Upstream commit 3fbbf2148a ]

clang static analysis flags this problem

stream.c:844:9: warning: Use of memory after
  it is freed
        kfree(bus->defer_msg.msg->buf);
              ^~~~~~~~~~~~~~~~~~~~~~~

This happens in an error handler cleaning up memory
allocated for elements in a list.

	list_for_each_entry(m_rt, &stream->master_list, stream_node) {
		bus = m_rt->bus;

		kfree(bus->defer_msg.msg->buf);
		kfree(bus->defer_msg.msg);
	}

And is triggered when the call to sdw_bank_switch() fails.
There are a two problems.

First, when sdw_bank_switch() fails, though it frees memory it
does not clear bus's reference 'defer_msg.msg' to that memory.

The second problem is the freeing msg->buf. In some cases
msg will be NULL so this will dereference a null pointer.
Need to check before freeing.

Fixes: 99b8a5d608 ("soundwire: Add bank switch routine")
Signed-off-by: Tom Rix <trix@redhat.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20200902202650.14189-1-trix@redhat.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2020-09-17 13:47:43 +02:00
..
Kconfig soundwire: depend on ACPI || OF 2019-10-15 16:15:58 +05:30
Makefile soundwire updates for v5.4-rc1 2019-09-22 10:52:23 -07:00
bus.c soundwire: core: add device tree support for slave devices 2019-09-04 13:12:31 +05:30
bus.h soundwire: core: add device tree support for slave devices 2019-09-04 13:12:31 +05:30
bus_type.c soundwire: add debugfs support 2019-08-23 12:01:02 +05:30
cadence_master.c soundwire updates for v5.4-rc1 2019-09-22 10:52:23 -07:00
cadence_master.h soundwire: cadence_master: add debugfs register dump 2019-08-23 12:01:02 +05:30
debugfs.c soundwire: add debugfs support 2019-08-23 12:01:02 +05:30
intel.c soundwire: intel: fix memory leak with devm_kasprintf 2020-07-22 09:33:00 +02:00
intel.h soundwire: fix typo in comments 2019-05-27 10:53:00 +05:30
intel_init.c soundwire: intel_init: add kernel module parameter to filter out links 2019-08-21 14:36:18 +05:30
mipi_disco.c soundwire: mipi_disco: Switch to use fwnode_property_count_uXX() 2019-08-02 17:15:13 +05:30
slave.c soundwire: slave: don't init debugfs on device registration error 2020-06-24 17:50:23 +02:00
stream.c soundwire: fix double free of dangling pointer 2020-09-17 13:47:43 +02:00