This is a note to let you know that I've just added the patch titled firmware: arm_scmi: Fix double free in OPTEE transport to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: firmware-arm_scmi-fix-double-free-in-optee-transport.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 03e186a20f55d52ffed9a76d87cbd0ca001b4ce4 Author: Cristian Marussi <cristian.marussi@xxxxxxx> Date: Mon Aug 12 18:33:32 2024 +0100 firmware: arm_scmi: Fix double free in OPTEE transport [ Upstream commit e98dba934b2fc587eafb83f47ad64d9053b18ae0 ] Channels can be shared between protocols, avoid freeing the same channel descriptors twice when unloading the stack. Fixes: 5f90f189a052 ("firmware: arm_scmi: Add optee transport") Signed-off-by: Cristian Marussi <cristian.marussi@xxxxxxx> Tested-by: Peng Fan <peng.fan@xxxxxxx> #i.MX95 19x19 EVK Reviewed-by: Peng Fan <peng.fan@xxxxxxx> Tested-by: Florian Fainelli <florian.fainelli@xxxxxxxxxxxx> Message-Id: <20240812173340.3912830-2-cristian.marussi@xxxxxxx> Signed-off-by: Sudeep Holla <sudeep.holla@xxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/firmware/arm_scmi/optee.c b/drivers/firmware/arm_scmi/optee.c index 2a7aeab40e543..f5f6ec83d3e1f 100644 --- a/drivers/firmware/arm_scmi/optee.c +++ b/drivers/firmware/arm_scmi/optee.c @@ -467,6 +467,13 @@ static int scmi_optee_chan_free(int id, void *p, void *data) struct scmi_chan_info *cinfo = p; struct scmi_optee_channel *channel = cinfo->transport_info; + /* + * Different protocols might share the same chan info, so a previous + * call might have already freed the structure. + */ + if (!channel) + return 0; + mutex_lock(&scmi_optee_private->mu); list_del(&channel->link); mutex_unlock(&scmi_optee_private->mu);