This is a note to let you know that I've just added the patch titled
firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
firmware-arm_scmi-fix-the-double-free-in-scmi_debugf.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 8b96623e04d3640d4824e64e0a1c7f09b66b3a74
Author: Su Hui <suhui@xxxxxxxxxxxx>
Date: Fri Oct 11 18:40:02 2024 +0800
firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
[ Upstream commit 39b13dce1a91cdfc3bec9238f9e89094551bd428 ]
Clang static checker(scan-build) throws below warning:
| drivers/firmware/arm_scmi/driver.c:line 2915, column 2
| Attempt to free released memory.
When devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()
will run twice which causes double free of 'dbg->name'.
Remove the redundant scmi_debugfs_common_cleanup() to fix this problem.
Fixes: c3d4aed763ce ("firmware: arm_scmi: Populate a common SCMI debugfs root")
Signed-off-by: Su Hui <suhui@xxxxxxxxxxxx>
Reviewed-by: Cristian Marussi <cristian.marussi@xxxxxxx>
Message-Id: <20241011104001.1546476-1-suhui@xxxxxxxxxxxx>
Signed-off-by: Sudeep Holla <sudeep.holla@xxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
index 87383c05424bd..3962683e2af9d 100644
--- a/drivers/firmware/arm_scmi/driver.c
+++ b/drivers/firmware/arm_scmi/driver.c
@@ -2603,10 +2603,8 @@ static struct scmi_debug_info *scmi_debugfs_common_setup(struct scmi_info *info)
dbg->top_dentry = top_dentry;
if (devm_add_action_or_reset(info->dev,
- scmi_debugfs_common_cleanup, dbg)) {
- scmi_debugfs_common_cleanup(dbg);
+ scmi_debugfs_common_cleanup, dbg))
return NULL;
- }
return dbg;
}
