4.9-stable review patch. If anyone has any objections, please let me know.
------------------ From: Bjorn Andersson <[email protected]> commit 3e8b571a9a0881ba3381ca0915995696da145ab8 upstream. The "fw" firmware object is passed from the remoteproc core and should not be overwritten, as that results in leaked buffers and a double free of the the last firmware object. Fixes: 051fb70fd4ea ("remoteproc: qcom: Driver for the self-authenticating Hexagon v5") Signed-off-by: Bjorn Andersson <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- drivers/remoteproc/qcom_mdt_loader.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/drivers/remoteproc/qcom_mdt_loader.c +++ b/drivers/remoteproc/qcom_mdt_loader.c @@ -115,6 +115,7 @@ int qcom_mdt_load(struct rproc *rproc, const struct elf32_phdr *phdrs; const struct elf32_phdr *phdr; const struct elf32_hdr *ehdr; + const struct firmware *seg_fw; size_t fw_name_len; char *fw_name; void *ptr; @@ -153,16 +154,16 @@ int qcom_mdt_load(struct rproc *rproc, if (phdr->p_filesz) { sprintf(fw_name + fw_name_len - 3, "b%02d", i); - ret = request_firmware(&fw, fw_name, &rproc->dev); + ret = request_firmware(&seg_fw, fw_name, &rproc->dev); if (ret) { dev_err(&rproc->dev, "failed to load %s\n", fw_name); break; } - memcpy(ptr, fw->data, fw->size); + memcpy(ptr, seg_fw->data, seg_fw->size); - release_firmware(fw); + release_firmware(seg_fw); } if (phdr->p_memsz > phdr->p_filesz)
