[PATCH] platform/chrome: chromeos_laptop - Fix potential double free

From: Keita Suzuki
Date: Sun Mar 13 2022 - 23:04:36 EST

Next message: Huang, Ying: "Re: [PATCH v2] mm: Only re-generate demotion targets when a numa node changes its N_CPU state"
Previous message: Miaohe Lin: "Re: [PATCH v2 2/3] mm/memory-failure.c: avoid calling invalidate_inode_page() with unexpected pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In chromeos_laptop_prepare(), cros_laptop->i2c_peripherals is allocated
inside chromeos_prepare_i2c_peripherals(), and is also freed when
encountering an error. The caller later calls chromeos_laptop_destroy()
to perform cleanup, which tries to free the same value again. As the
value is not NULLed, this will cause a double free error.

Fix this by setting cros_laptop->i2c_peripherals to NULL in the error
handler inside chromeos_prepare_i2c_peripherals() after conducting the
free.

Signed-off-by: Keita Suzuki <keitasuzuki.park@xxxxxxxxxxxxxxxxxxxx>
---
drivers/platform/chrome/chromeos_laptop.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/platform/chrome/chromeos_laptop.c b/drivers/platform/chrome/chromeos_laptop.c
index 4e14b4d6635d..3d10257b1107 100644
--- a/drivers/platform/chrome/chromeos_laptop.c
+++ b/drivers/platform/chrome/chromeos_laptop.c
@@ -785,6 +785,7 @@ chromeos_laptop_prepare_i2c_peripherals(struct chromeos_laptop *cros_laptop,
fwnode_remove_software_node(info->fwnode);
}
kfree(cros_laptop->i2c_peripherals);
+ cros_laptop->i2c_peripherals = NULL;
return error;
}

--
2.25.1

Next message: Huang, Ying: "Re: [PATCH v2] mm: Only re-generate demotion targets when a numa node changes its N_CPU state"
Previous message: Miaohe Lin: "Re: [PATCH v2 2/3] mm/memory-failure.c: avoid calling invalidate_inode_page() with unexpected pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]