There are two issues in this function.
1) We can't drop the refrences on "cpu", "codec" and "platform" before
we take the reference. This doesn't cause a problem on the first
iteration because those pointers start as NULL so the of_node_put()
is a no-op. But on the subsequent iterations, it will lead to a use
after free.
2) If the devm_kzalloc() allocation failed then the code returned
directly instead of cleaning up.
Fixes: c1e6414cdc37 ("ASoC: qcom: common: Fix refcount imbalance on error")
Fixes: 1e36ea360ab9 ("ASoC: qcom: common: use modern dai_link style")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20201105125154.GA176426@mwanda
Signed-off-by: Mark Brown <broonie@kernel.org>
dlc = devm_kzalloc(dev, 2 * sizeof(*dlc), GFP_KERNEL);
if (!dlc) {
ret = -ENOMEM;
- goto err;
+ goto err_put_np;
}
link->cpus = &dlc[0];
ret = of_property_read_string(np, "link-name", &link->name);
if (ret) {
dev_err(card->dev, "error getting codec dai_link name\n");
- goto err;
+ goto err_put_np;
}
cpu = of_get_child_by_name(np, "cpu");
} else {
/* DPCM frontend */
dlc = devm_kzalloc(dev, sizeof(*dlc), GFP_KERNEL);
- if (!dlc)
- return -ENOMEM;
+ if (!dlc) {
+ ret = -ENOMEM;
+ goto err;
+ }
link->codecs = dlc;
link->num_codecs = 1;
return 0;
err:
- of_node_put(np);
of_node_put(cpu);
of_node_put(codec);
of_node_put(platform);
+err_put_np:
+ of_node_put(np);
return ret;
}
EXPORT_SYMBOL(qcom_snd_parse_of);
projects / linux.git / commitdiff