On Mon, Jan 18, 2021 at 04:59:04PM +0000, Daniele Alessandrelli wrote: > From: Daniele Alessandrelli <daniele.alessandrelli@xxxxxxxxx> > > rproc_alloc_firmware() (called by rproc_alloc()) can allocate > rproc->firmware using kstrdup_const() and therefore should be freed > using kfree_const(); however, rproc_set_firmware() frees it using the > simple kfree(). This causes a kernel oops if a constant string is passed > to rproc_alloc() and rproc_set_firmware() is subsequently called. > > Fix the above issue by using kfree_const() to free rproc->firmware in > rproc_set_firmware(). > > Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@xxxxxxxxx> > --- > drivers/remoteproc/remoteproc_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c > index 2394eef383e3..ab150765d124 100644 > --- a/drivers/remoteproc/remoteproc_core.c > +++ b/drivers/remoteproc/remoteproc_core.c > @@ -1988,7 +1988,7 @@ int rproc_set_firmware(struct rproc *rproc, const char *fw_name) > goto out; > } > > - kfree(rproc->firmware); > + kfree_const(rproc->firmware); > rproc->firmware = p; Reviewed-by: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx> > > out: > > base-commit: 8cc8eeffd058f3e7e2d8710a514ffcbc2bd69d28 > -- > 2.26.2 >