Hi,
On 5/14/24 11:26 AM, Harshit Mogalapalli wrote:
> In tpmi_sst_dev_remove(), tpmi_sst is dereferenced after being freed. Fix this by reordering the kfree() post the dereference.
>
> Fixes: 9d1d36268f3d ("platform/x86: ISST: Support partitioned systems")
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>
This looks obviously correct to me:
Reviewed-by: Hans de Goede <hdegoede@xxxxxxxxxx>
Still would be nice if one of the Intel maintainers for this
can ack it.
Either way I'll merge this for the first pdx86 fixes pull-request
for 6.10 (when I get around to merging the first round of fixes).
Regards,
Hans
> ---
> This is found by smatch and only compile tested.
> ---
> drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c
> index 7bac7841ff0a..7fa360073f6e 100644
> --- a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c
> +++ b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c
> @@ -1610,8 +1610,8 @@ void tpmi_sst_dev_remove(struct auxiliary_device *auxdev)
> tpmi_sst->partition_mask_current &= ~BIT(plat_info->partition);
> /* Free the package instance when the all partitions are removed */
> if (!tpmi_sst->partition_mask_current) {
> - kfree(tpmi_sst);
> isst_common.sst_inst[tpmi_sst->package_id] = NULL;
> + kfree(tpmi_sst);
> }
> mutex_unlock(&isst_tpmi_dev_lock);
> }
