>On Fri, Dec 11, 2020 at 10:50:53AM +0100, Pawel Laszczak wrote: >> This function uses "One Function Cleans up Everything" style and that's >> basically impossible to do correctly. It's cleaner to write it with >> "clean up the most recent allocation". >> >> Patch fixes two isues: >> 1. If pdev->dcbaa = dma_alloc_coherent() fails then that leads to a NULL >> dereference inside the cdnsp_free_priv_device() function. >> 2. if cdnsp_alloc_priv_device() fails that leads to a double free because >> we free pdev->out_ctx.bytes in several places. >> >> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> >> Signed-off-by: Pawel Laszczak <pawell@xxxxxxxxxxx> >> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> >> Tested-by: Pawel Laszczak <pawell@xxxxxxxxxxx> >> --- >> drivers/usb/cdns3/cdnsp-mem.c | 36 +++++++++++++++++++++++------------ >> 1 file changed, 24 insertions(+), 12 deletions(-) > >This file isn't in 5.11-rc1 :( Hi Greg, Sorry for the long delay. I had holiday. All CDNS3 and CDNSP patches should be added to Peter Chan tree, so I based on his tree. Regards, Pawel
