Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e70898ae authored by Krzysztof Kozlowski's avatar Krzysztof Kozlowski Committed by Greg Kroah-Hartman
Browse files

rpmsg: Fix kfree() of static memory on setting driver_override 



commit 42cd402b8fd4672b692400fe5f9eecd55d2794ac upstream.

The driver_override field from platform driver should not be initialized
from static memory (string literal) because the core later kfree() it,
for example when driver_override is set via sysfs.

Use dedicated helper to set driver_override properly.

Fixes: 950a7388f02b ("rpmsg: Turn name service into a stand alone driver")
Fixes: c0cdc19f ("rpmsg: Driver for user space endpoint interface")
Reviewed-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220419113435.246203-13-krzysztof.kozlowski@linaro.org


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarLee Jones <lee@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 0df5d801

drivers/rpmsg/rpmsg_internal.h

+11 −2
Original line number Diff line number Diff line
@@ -84,10 +84,19 @@ struct device *rpmsg_find_device(struct device *parent, 
 */

static inline int rpmsg_chrdev_register_device(struct rpmsg_device *rpdev)

{

	int ret;



	strcpy(rpdev->id.name, "rpmsg_chrdev");

	rpdev->driver_override = "rpmsg_chrdev";

	ret = driver_set_override(&rpdev->dev, &rpdev->driver_override,

				  rpdev->id.name, strlen(rpdev->id.name));

	if (ret)

		return ret;



	ret = rpmsg_register_device(rpdev);

	if (ret)

		kfree(rpdev->driver_override);



	return rpmsg_register_device(rpdev);

	return ret;

}



#endif

include/linux/rpmsg.h

+4 −2
Original line number Diff line number Diff line
@@ -41,7 +41,9 @@ struct rpmsg_channel_info { 
 * rpmsg_device - device that belong to the rpmsg bus

 * @dev: the device struct

 * @id: device id (used to match between rpmsg drivers and devices)

 * @driver_override: driver name to force a match

 * @driver_override: driver name to force a match; do not set directly,

 *                   because core frees it; use driver_set_override() to

 *                   set or clear it.

 * @src: local address

 * @dst: destination address

 * @ept: the rpmsg endpoint of this channel
@@ -50,7 +52,7 @@ struct rpmsg_channel_info { 
struct rpmsg_device {

	struct device dev;

	struct rpmsg_device_id id;

	char *driver_override;

	const char *driver_override;

	u32 src;

	u32 dst;

	struct rpmsg_endpoint *ept;