On Fri, Dec 11, 2020 at 10:50:53AM +0100, Pawel Laszczak wrote:
> This function uses "One Function Cleans up Everything" style and that's
> basically impossible to do correctly. It's cleaner to write it with
> "clean up the most recent allocation".
>
> Patch fixes two issues:
> 1. If pdev->dcbaa = dma_alloc_coherent() fails then that leads to a NULL
>    dereference inside the cdnsp_free_priv_device() function.
> 2. if cdnsp_alloc_priv_device() fails that leads to a double free because
>    we free pdev->out_ctx.bytes in several places.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Signed-off-by: Pawel Laszczak <pawell@xxxxxxxxxxx>
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Tested-by: Pawel Laszczak <pawell@xxxxxxxxxxx>
> ---
>  drivers/usb/cdns3/cdnsp-mem.c | 36 +++++++++++++++++++++++------------
>  1 file changed, 24 insertions(+), 12 deletions(-)

This file isn't in 5.11-rc1 :(
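
The "clean up the most recent allocation" style named in the quoted commit message, as an added user-space sketch that is not part of this thread or of the cdnsp driver. struct dev_mem, t_alloc(), t_free(), balance_after() and the fault-injection counters are hypothetical, and malloc() stands in for the kernel allocators.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a driver's memory state; not the cdnsp structures. */
struct dev_mem { void *dcbaa, *ring, *out_ctx; };

/* fail_at: allocation number forced to fail (0 = none); live: >0 leak, <0 bad free. */
static int fail_at, seq, live;

static void *t_alloc(size_t n)
{
	void *p = (++seq == fail_at) ? NULL : malloc(n);
	live += (p != NULL);
	return p;
}
static void t_free(void *p) { live--; free(p); }

/* Each label undoes only the allocations that succeeded before the jump. */
static int dev_mem_init(struct dev_mem *m)
{
	m->dcbaa = t_alloc(64);
	if (!m->dcbaa)
		return -1;	/* nothing allocated yet, nothing to free */
	m->ring = t_alloc(128);
	if (!m->ring)
		goto free_dcbaa;
	m->out_ctx = t_alloc(256);
	if (!m->out_ctx)
		goto free_ring;
	return 0;
free_ring:
	t_free(m->ring);
free_dcbaa:
	t_free(m->dcbaa);
	return -1;
}

/* Run init with allocation number `step` failing; return the allocation balance. */
int balance_after(int step)
{
	struct dev_mem m = {0};
	fail_at = step;
	seq = live = 0;
	if (dev_mem_init(&m) == 0) {	/* success: normal teardown, newest first */
		t_free(m.out_ctx);
		t_free(m.ring);
		t_free(m.dcbaa);
	}
	return live;
}
```

A zero balance at every injected failure point means no error path freed a pointer that was never allocated and none freed the same pointer twice.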