Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3e8b571a authored by Bjorn Andersson's avatar Bjorn Andersson
Browse files

remoteproc: qcom: mdt_loader: Don't overwrite firmware object 



The "fw" firmware object is passed from the remoteproc core and should
not be overwritten, as that results in leaked buffers and a double free
of the the last firmware object.

Fixes: 051fb70f ("remoteproc: qcom: Driver for the self-authenticating Hexagon v5")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
parent bde440ee

drivers/remoteproc/qcom_mdt_loader.c

+4 −3
Original line number Diff line number Diff line
@@ -97,6 +97,7 @@ int qcom_mdt_load(struct rproc *rproc, 
	const struct elf32_phdr *phdrs;

	const struct elf32_phdr *phdr;

	const struct elf32_hdr *ehdr;

	const struct firmware *seg_fw;

	size_t fw_name_len;

	char *fw_name;

	void *ptr;
@@ -135,16 +136,16 @@ int qcom_mdt_load(struct rproc *rproc, 


		if (phdr->p_filesz) {

			sprintf(fw_name + fw_name_len - 3, "b%02d", i);

			ret = request_firmware(&fw, fw_name, &rproc->dev);

			ret = request_firmware(&seg_fw, fw_name, &rproc->dev);

			if (ret) {

				dev_err(&rproc->dev, "failed to load %s\n",

					fw_name);

				break;

			}



			memcpy(ptr, fw->data, fw->size);

			memcpy(ptr, seg_fw->data, seg_fw->size);



			release_firmware(fw);

			release_firmware(seg_fw);

		}



		if (phdr->p_memsz > phdr->p_filesz)