[PATCH] xhci_register: Fix double free on failure

Marek Vasut marex at denx.de
Thu Jul 27 04:01:25 CEST 2023


On 7/24/23 21:45, Richard Habeeb wrote:
> drivers/core/device.c will call `device_free()` after xhci_register
> already frees the private device data. This can cause a crash later
> during the boot process, observed on aarch64 RPi4b as a synchronous
> exception. All callers of xhci_register use priv_auto, so this won't
> lead to memory leaks.
> 
> Signed-off-by: Richard Habeeb <richard.habeeb at gmail.com>
> ---
> 
>   drivers/usb/host/xhci.c | 1 -
>   1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
> index 9e33c5d855..5cacf0769e 100644
> --- a/drivers/usb/host/xhci.c
> +++ b/drivers/usb/host/xhci.c
> @@ -1418,7 +1418,6 @@ int xhci_register(struct udevice *dev, struct
> xhci_hccr *hccr,
> 
>    return 0;
>   err:
> - free(ctrl);
>    debug("%s: failed, ret=%d\n", __func__, ret);
>    return ret;
>   }
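
Review bot: at the `err:` label, dropping `free(ctrl);` is only safe while `ctrl` is the driver-model private data that `device_free()` releases, and that ownership rule is recorded only in the commit message ("All callers of xhci_register use priv_auto"). A short comment at `err:` stating that `ctrl` is owned by the driver model and must not be freed here would keep a later change from reintroducing the double free, and would point out the leak if a caller ever allocates `ctrl` itself.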

The patch is corrupted (tabs in original source replaced by spaces).

Subject: tags should be 'usb: xhci:'.

Please make sure to use git send-email and look at previous commits for
subject tags next time.

Both fixed and applied to usb/master, thanks.

