Re: [PATCH] misc: fastrpc: Fix double free of 'buf' in error path

From: Dan Carpenter
Date: Fri May 19 2023 - 06:22:37 EST

Next message: Bhupesh Sharma: "Re: [PATCH v6 07/11] arm64: dts: qcom: sm6115: Add Crypto Engine support"
Previous message: Ratheesh Kannoth: "RE: Re: [PATCH net-next v3] octeontx2-pf: Add support for page pool"
In reply to: Srinivas Kandagatla: "Re: [PATCH] misc: fastrpc: Fix double free of 'buf' in error path"
Next in thread: Srinivas Kandagatla: "Re: [PATCH] misc: fastrpc: Fix double free of 'buf' in error path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> ----------------------->cut<---------------------------
> diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> index f60bbf99485c..3fdd326e1ae8 100644
> --- a/drivers/misc/fastrpc.c
> +++ b/drivers/misc/fastrpc.c
> @@ -1891,7 +1891,8 @@ static int fastrpc_req_mmap(struct fastrpc_user *fl,
> char __user *argp)
> &args[0]);
> if (err) {
> dev_err(dev, "mmap error (len 0x%08llx)\n", buf->size);
> - goto err_invoke;
> + fastrpc_buf_free(buf);
> + return err;
> }
>
> /* update the buffer to be able to deallocate the memory on the DSP
> */
> @@ -1930,11 +1931,7 @@ static int fastrpc_req_mmap(struct fastrpc_user *fl,
> char __user *argp)
> return 0;
>
> err_assign:
> - fastrpc_req_munmap_impl(fl, buf);
> -err_invoke:
> - fastrpc_buf_free(buf);
> -
> - return err;
> + return fastrpc_req_munmap_impl(fl, buf);

This will return success if copy_to_user() fails.

regards,
dan carpenter

Next message: Bhupesh Sharma: "Re: [PATCH v6 07/11] arm64: dts: qcom: sm6115: Add Crypto Engine support"
Previous message: Ratheesh Kannoth: "RE: Re: [PATCH net-next v3] octeontx2-pf: Add support for page pool"
In reply to: Srinivas Kandagatla: "Re: [PATCH] misc: fastrpc: Fix double free of 'buf' in error path"
Next in thread: Srinivas Kandagatla: "Re: [PATCH] misc: fastrpc: Fix double free of 'buf' in error path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]