target/linux/brcm2708/patches-4.1/0173-vcsm-increment-res_stats-MAP_FAIL-stats-before-we-po.patch

   1 From 3037adf3f75b008d63a351b307f058200548c4ee Mon Sep 17 00:00:00 2001
   2 From: Colin Ian King <colin.king@canonical.com>
   3 Date: Wed, 2 Sep 2015 07:27:36 -0400
   4 Subject: [PATCH 173/222] vcsm: increment res_stats MAP_FAIL stats before we
   5  potentially release the resource
   6
   7 resource can be kfree'd when the reference count is zero, so we should
   8 not bump the res_stats of the resource after the vmcs_sm_release_resource
   9 call since the resource may have been kfree'd by this call. Instead, bump
  10 the stats before we call vmcs_sm_release_resource to avoid a potential
  11 NULL pointer derefernce.
  12
  13 Bug found using cppcheck static analysis:
  14
  15 [drivers/char/broadcom/vc_sm/vmcs_sm.c:1373]: (error) Dereferencing
  16   'resource' after it is deallocated / released
  17
  18 Signed-off-by: Colin Ian King <colin.king@canonical.com>
  19 ---
  20  drivers/char/broadcom/vc_sm/vmcs_sm.c | 2 +-
  21  1 file changed, 1 insertion(+), 1 deletion(-)
  22
  23 --- a/drivers/char/broadcom/vc_sm/vmcs_sm.c
  24 +++ b/drivers/char/broadcom/vc_sm/vmcs_sm.c
  25 @@ -1368,8 +1368,8 @@ static int vc_sm_mmap(struct file *file,
  26         return 0;
  27
  28  error:
  29 -       vmcs_sm_release_resource(resource, 0);
  30         resource->res_stats[MAP_FAIL]++;
  31 +       vmcs_sm_release_resource(resource, 0);
  32         return ret;
  33  }
  34