Message ID | 20200202201922.22852-1-christophe.jaillet@wanadoo.fr (mailing list archive) |
---|---|
State | Mainlined |
Commit | bef8e2dfceed6daeb6ca3e8d33f9c9d43b926580 |
Series | MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()' |
Hello,

Christophe JAILLET wrote:
> Pointer on the memory allocated by 'alloc_progmem()' is stored in
> 'v->load_addr'. So this is this memory that should be freed by
> 'release_progmem()'.
>
> 'release_progmem()' is only a call to 'kfree()'.
>
> With the current code, there is both a double free and a memory leak.
> Fix it by passing the correct pointer to 'release_progmem()'.

Applied to mips-fixes.

> commit bef8e2dfceed
> https://git.kernel.org/mips/c/bef8e2dfceed
>
> Fixes: e01402b115ccc ("More AP / SP bits for the 34K, the Malta bits and things. Still wants")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> Signed-off-by: Paul Burton <paulburton@kernel.org>

Thanks,
Paul

[ This message was auto-generated; if you believe anything is incorrect
then please email paulburton@kernel.org to report it. ]
diff --git a/arch/mips/kernel/vpe.c b/arch/mips/kernel/vpe.c index 6176b9acba95..d0d832ab3d3b 100644 --- a/arch/mips/kernel/vpe.c +++ b/arch/mips/kernel/vpe.c @@ -134,7 +134,7 @@ void release_vpe(struct vpe *v) { list_del(&v->list); if (v->load_addr) - release_progmem(v); + release_progmem(v->load_addr); kfree(v); }
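Review bot: In release_vpe(), the `if (v->load_addr)` guard left in front of `release_progmem(v->load_addr)` is redundant if release_progmem() is only a call to kfree(), as the commit message states, because kfree() accepts a NULL pointer; consider dropping the guard in this patch or a follow-up so the function is simply list_del(), release_progmem(v->load_addr), kfree(v). The submission is marked un-tested, so it would be worth exercising a VPE load and release cycle before relying on it: with the old `release_progmem(v)` call, `v` was freed twice (once there, once by `kfree(v)`) and the buffer behind `v->load_addr` was never freed.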
Pointer on the memory allocated by 'alloc_progmem()' is stored in
'v->load_addr'. So this is this memory that should be freed by
'release_progmem()'.

'release_progmem()' is only a call to 'kfree()'.

With the current code, there is both a double free and a memory leak.
Fix it by passing the correct pointer to 'release_progmem()'.

Fixes: e01402b115ccc ("More AP / SP bits for the 34K, the Malta bits and things. Still wants")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
Un-tested

The 'if (v->load_addr)' looks also redundant, but, well, the code is old and
I feel lazy tonight to send another patch for only that.
---
 arch/mips/kernel/vpe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)