On Mon, Dec 27, 2021 at 05:44:32PM +0530, Sumit Garg wrote:
> commit 18549bf4b21c739a9def39f27dcac53e27286ab5 upstream.
>
> Pointer to the allocated pages (struct page *page) has already
> progressed towards the end of allocation. It is incorrect to perform
> __free_pages(page, order) using this pointer as we would free any
> arbitrary pages. Fix this by stop modifying the page pointer.
>
> Fixes: ec185dd3ab25 ("optee: Fix memory leak when failing to register shm pages")
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Patrik Lantz <patrik.lantz@xxxxxxxx>
> Signed-off-by: Sumit Garg <sumit.garg@xxxxxxxxxx>
> Reviewed-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Jens Wiklander <jens.wiklander@xxxxxxxxxx>
> [SG: Backport for stable kernels]
> Signed-off-by: Sumit Garg <sumit.garg@xxxxxxxxxx>
> ---
> drivers/tee/optee/shm_pool.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
Now queued up, thanks.
greg k-h
