From 0e31b12a06697e4e77131fb500127c6d82f6be29 Mon Sep 17 00:00:00 2001 From: Vijayanand Jitta Date: Tue, 10 May 2022 10:41:24 +0530 Subject: [PATCH] mem-buf-gh: Do not deref xfer_mem fields on error If we fail to allocate an xfer_mem object, do not dereference its fields. Change-Id: I6a86d86df384988568ce2e1a4966926171cf33ea Signed-off-by: Sukadev Bhattiprolu Signed-off-by: Vijayanand Jitta --- drivers/soc/qcom/mem_buf/mem-buf.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/soc/qcom/mem_buf/mem-buf.c b/drivers/soc/qcom/mem_buf/mem-buf.c index ecf902dda53f..0465e5df122c 100644 --- a/drivers/soc/qcom/mem_buf/mem-buf.c +++ b/drivers/soc/qcom/mem_buf/mem-buf.c @@ -630,6 +630,7 @@ static void mem_buf_alloc_req_work(struct work_struct *work) ret = PTR_ERR(xfer_mem); pr_err("%s: failed to process rmt memory alloc request: %d\n", __func__, ret); + xfer_mem = NULL; } else { resp_msg->hdl = xfer_mem->hdl; resp_msg->obj_id = xfer_mem->obj_id; @@ -649,10 +650,12 @@ static void mem_buf_alloc_req_work(struct work_struct *work) if (ret < 0) { pr_err("%s: failed to send memory allocation response rc: %d\n", __func__, ret); - mutex_lock(&mem_buf_xfer_mem_list_lock); - list_del(&xfer_mem->entry); - mutex_unlock(&mem_buf_xfer_mem_list_lock); - mem_buf_cleanup_alloc_req(xfer_mem, xfer_mem->hdl); + if (xfer_mem) { + mutex_lock(&mem_buf_xfer_mem_list_lock); + list_del(&xfer_mem->entry); + mutex_unlock(&mem_buf_xfer_mem_list_lock); + mem_buf_cleanup_alloc_req(xfer_mem, xfer_mem->hdl); + } } else { pr_debug("%s: Allocation response sent\n", __func__); }