Re: [PATCH v2] nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails

From: Krzysztof Kozlowski
Date: Sat Nov 06 2021 - 05:42:31 EST


On 05/11/2021 14:36, Chengfeng Ye wrote:
> skb is already freed by dev_kfree_skb in pn533_fill_fragment_skbs,
> but following the error handler branch when pn533_fill_fragment_skbs()
> fails, skb is freed again, resulting in a double free issue. Fix this
> by not freeing skb in the error path of pn533_fill_fragment_skbs.
>
> Signed-off-by: Chengfeng Ye <cyeaa@xxxxxxxxxxxxxx>
> ---
> drivers/nfc/pn533/pn533.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)

Looks good, thanks:
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxxxxx>

Please do not forget about the Fixes tag. Here it is trickier because
pn533_fill_fragment_skbs() usage was introduced in two commits:

Fixes: 963a82e07d4e ("NFC: pn533: Split large Tx frames in chunks")
Fixes: 93ad42020c2d ("NFC: pn533: Target mode Tx fragmentation support")
Cc: <stable@xxxxxxxxxxxxxxx>

Best regards,
Krzysztof
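
The ownership problem described in the quoted commit message, as an added userspace model that is not part of the original thread and is not the driver's code: a helper that frees its buffer on failure, next to a caller error path that frees it again and one that does not. The names struct buf, buf_free, fill_fragments, send_buggy, send_fixed and frees_on_failure are hypothetical, and the helper's return values are assumptions.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-in for an skb: "freeing" only bumps a counter, so a
 * double free can be observed without undefined behaviour. */
struct buf { size_t len; int free_count; };

static void buf_free(struct buf *b) { b->free_count++; }

/* Hypothetical helper following the contract from the commit message:
 * on failure it has already freed the buffer it was given. */
static int fill_fragments(struct buf *b, size_t max_frag)
{
    if (b->len == 0 || max_frag == 0) {
        buf_free(b);
        return -1;
    }
    return (int)((b->len + max_frag - 1) / max_frag); /* fragment count */
}

/* Before: the caller's error path frees a buffer the helper already freed. */
static int send_buggy(struct buf *b, size_t max_frag)
{
    int rc = fill_fragments(b, max_frag);
    if (rc <= 0) {
        buf_free(b); /* second free of the same buffer */
        return rc;
    }
    return rc; /* success: ownership passes to the (unmodelled) TX queue */
}

/* After: on failure the caller only propagates the error. */
static int send_fixed(struct buf *b, size_t max_frag)
{
    return fill_fragments(b, max_frag);
}

/* Number of frees a failing send performs on one buffer. */
static int frees_on_failure(int (*send)(struct buf *, size_t))
{
    struct buf b = { .len = 64, .free_count = 0 };
    send(&b, 0); /* max_frag == 0 forces the helper to fail */
    return b.free_count;
}

int main(void)
{
    printf("buggy: %d frees, fixed: %d free\n",
           frees_on_failure(send_buggy), frees_on_failure(send_fixed));
    return 0;
}
```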