openwrtv4/target/linux/brcm2708/patches-4.1/0173-vcsm-increment-res_stats-MAP_FAIL-stats-before-we-po.patch
John Crispin d4b8d51580 brcm2708: update 4.1 patches
As usual, this patches were taken (and rebased) from
https://github.com/raspberrypi/linux/commits/rpi-4.1.y

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>

SVN-Revision: 47922
2015-12-17 09:29:22 +00:00

34 lines
1.2 KiB
Diff

From 3037adf3f75b008d63a351b307f058200548c4ee Mon Sep 17 00:00:00 2001
From: Colin Ian King <colin.king@canonical.com>
Date: Wed, 2 Sep 2015 07:27:36 -0400
Subject: [PATCH 173/222] vcsm: increment res_stats MAP_FAIL stats before we
potentially release the resource
resource can be kfree'd when the reference count is zero, so we should
not bump the res_stats of the resource after the vmcs_sm_release_resource
call since the resource may have been kfree'd by this call. Instead, bump
the stats before we call vmcs_sm_release_resource to avoid a potential
NULL pointer derefernce.
Bug found using cppcheck static analysis:
[drivers/char/broadcom/vc_sm/vmcs_sm.c:1373]: (error) Dereferencing
'resource' after it is deallocated / released
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/char/broadcom/vc_sm/vmcs_sm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/char/broadcom/vc_sm/vmcs_sm.c
+++ b/drivers/char/broadcom/vc_sm/vmcs_sm.c
@@ -1368,8 +1368,8 @@ static int vc_sm_mmap(struct file *file,
return 0;
error:
- vmcs_sm_release_resource(resource, 0);
resource->res_stats[MAP_FAIL]++;
+ vmcs_sm_release_resource(resource, 0);
return ret;
}