[PATCH 4/5] vcsm: increment res_stats MAP_FAIL stats before we potentially release the resource
Paolo Pisati
paolo.pisati at canonical.com
Thu Sep 10 10:17:27 UTC 2015
From: Colin Ian King <colin.king at canonical.com>
resource can be kfree'd when the reference count is zero, so we should
not bump the res_stats of the resource after the vmcs_sm_release_resource
call since the resource may have been kfree'd by this call. Instead, bump
the stats before we call vmcs_sm_release_resource to avoid a potential
NULL pointer dereference.
Bug found using cppcheck static analysis:
[drivers/char/broadcom/vc_sm/vmcs_sm.c:1373]: (error) Dereferencing
'resource' after it is deallocated / released
Signed-off-by: Colin Ian King <colin.king at canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati at canonical.com>
---
drivers/char/broadcom/vc_sm/vmcs_sm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/broadcom/vc_sm/vmcs_sm.c b/drivers/char/broadcom/vc_sm/vmcs_sm.c
index 0bfb42e..b62a3b2 100644
--- a/drivers/char/broadcom/vc_sm/vmcs_sm.c
+++ b/drivers/char/broadcom/vc_sm/vmcs_sm.c
@@ -1368,8 +1368,8 @@ static int vc_sm_mmap(struct file *file, struct vm_area_struct *vma)
return 0;
error:
- vmcs_sm_release_resource(resource, 0);
resource->res_stats[MAP_FAIL]++;
+ vmcs_sm_release_resource(resource, 0);
return ret;
}
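Review bot: At the `error:` label, nothing tells a later reader that `resource->res_stats[MAP_FAIL]++` must stay ahead of `vmcs_sm_release_resource(resource, 0)`. A one-line comment there, saying that the release may drop the last reference and free `resource`, would keep the order from being swapped back in a later cleanup. The commit message calls the problem a NULL pointer dereference, but what it describes is an access to memory that may already have been kfree'd, so a use-after-free; wording it that way would help anyone triaging the fix for backports. The increment on the error path is also unconditional, so it is worth confirming that every `goto error` in `vc_sm_mmap` is reached with a valid `resource`.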
--
2.1.4