cpufreq: qcom-hw: fix dereferencing freed memory 'data'

Message ID 20210228013319.10469-1-shawn.guo@linaro.org
State Accepted
Commit 02fc409540303801994d076fcdb7064bd634dbf3
Headers show
Series
  • cpufreq: qcom-hw: fix dereferencing freed memory 'data'
Related show

Commit Message

Shawn Guo Feb. 28, 2021, 1:33 a.m.
Commit 67fc209b527d ("cpufreq: qcom-hw: drop devm_xxx() calls from
init/exit hooks") introduces an issue of dereferencing freed memory
'data'.  Fix it.

Fixes: 67fc209b527d ("cpufreq: qcom-hw: drop devm_xxx() calls from init/exit hooks")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>

---
Viresh,

The issue was introduced by v2 of "cpufreq: qcom-hw: drop devm_xxx()
calls from init/exit hooks", which misses the conversion of 'data->base'
in error path.  Sorry!

Shawn

 drivers/cpufreq/qcom-cpufreq-hw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.17.1

Comments

Viresh Kumar March 1, 2021, 4:34 a.m. | #1
On 28-02-21, 09:33, Shawn Guo wrote:
> Commit 67fc209b527d ("cpufreq: qcom-hw: drop devm_xxx() calls from

> init/exit hooks") introduces an issue of dereferencing freed memory

> 'data'.  Fix it.

> 

> Fixes: 67fc209b527d ("cpufreq: qcom-hw: drop devm_xxx() calls from init/exit hooks")

> Reported-by: kernel test robot <lkp@intel.com>

> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

> Signed-off-by: Shawn Guo <shawn.guo@linaro.org>

> ---

> Viresh,

> 

> The issue was introduced by v2 of "cpufreq: qcom-hw: drop devm_xxx()

> calls from init/exit hooks", which misses the conversion of 'data->base'

> in error path.  Sorry!

> 

> Shawn

> 

>  drivers/cpufreq/qcom-cpufreq-hw.c | 2 +-

>  1 file changed, 1 insertion(+), 1 deletion(-)

> 

> diff --git a/drivers/cpufreq/qcom-cpufreq-hw.c b/drivers/cpufreq/qcom-cpufreq-hw.c

> index d3c23447b892..bee5d67a8227 100644

> --- a/drivers/cpufreq/qcom-cpufreq-hw.c

> +++ b/drivers/cpufreq/qcom-cpufreq-hw.c

> @@ -374,7 +374,7 @@ static int qcom_cpufreq_hw_cpu_init(struct cpufreq_policy *policy)

>  error:

>  	kfree(data);

>  unmap_base:

> -	iounmap(data->base);

> +	iounmap(base);

>  release_region:

>  	release_mem_region(res->start, resource_size(res));

>  	return ret;


Applied. Thanks.
-- 
viresh

Patch

diff --git a/drivers/cpufreq/qcom-cpufreq-hw.c b/drivers/cpufreq/qcom-cpufreq-hw.c
index d3c23447b892..bee5d67a8227 100644
--- a/drivers/cpufreq/qcom-cpufreq-hw.c
+++ b/drivers/cpufreq/qcom-cpufreq-hw.c
@@ -374,7 +374,7 @@  static int qcom_cpufreq_hw_cpu_init(struct cpufreq_policy *policy)
 error:
 	kfree(data);
 unmap_base:
-	iounmap(data->base);
+	iounmap(base);
 release_region:
 	release_mem_region(res->start, resource_size(res));
 	return ret;