From: Daniele Alessandrelli <daniele.alessandrelli@xxxxxxxxx> rproc_alloc_firmware() (called by rproc_alloc()) can allocate rproc->firmware using kstrdup_const() and therefore should be freed using kfree_const(); however, rproc_set_firmware() frees it using the simple kfree(). This causes a kernel oops if a constant string is passed to rproc_alloc() and rproc_set_firmware() is subsequently called. Fix the above issue by using kfree_const() to free rproc->firmware in rproc_set_firmware(). Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@xxxxxxxxx> --- drivers/remoteproc/remoteproc_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c index 2394eef383e3..ab150765d124 100644 --- a/drivers/remoteproc/remoteproc_core.c +++ b/drivers/remoteproc/remoteproc_core.c @@ -1988,7 +1988,7 @@ int rproc_set_firmware(struct rproc *rproc, const char *fw_name) goto out; } - kfree(rproc->firmware); + kfree_const(rproc->firmware); rproc->firmware = p; out: base-commit: 8cc8eeffd058f3e7e2d8710a514ffcbc2bd69d28 -- 2.26.2
