1. Patchew
  2. linux
  3. View series

[PATCH net v2] net: wwan: iosm: fix potential memory leaks in ipc_imem_init()

Abdun Nihaal posted 1 patch 5 days, 20 hours ago 
drivers/net/wwan/iosm/iosm_ipc_imem.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH net v2] net: wwan: iosm: fix potential memory leaks in ipc_imem_init()
Posted by Abdun Nihaal 5 days, 20 hours ago 
The memory allocated in ipc_protocol_init() is not freed on the error
paths that follow in ipc_imem_init(). Fix that by calling the
corresponding release function ipc_protocol_deinit() in the error path.

Fixes: 3670970dd8c6 ("net: iosm: shared memory IPC interface")
Cc: stable@vger.kernel.org
Signed-off-by: Abdun Nihaal <nihaal@cse.iitm.ac.in>
---
v1->v2:
- Moved the ipc_protocol_deinit() call to a point after the tasklets and
  workers are cleaned up to avoid a possible Use after free, as
  suggested by Jakub Kicinski.

Link to v1 patch: https://lore.kernel.org/all/20260508092141.82495-1-nihaal@cse.iitm.ac.in/

 drivers/net/wwan/iosm/iosm_ipc_imem.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/wwan/iosm/iosm_ipc_imem.c b/drivers/net/wwan/iosm/iosm_ipc_imem.c
index 1b7bc7d63a2e..4405c8531888 100644
--- a/drivers/net/wwan/iosm/iosm_ipc_imem.c
+++ b/drivers/net/wwan/iosm/iosm_ipc_imem.c
@@ -1425,6 +1425,8 @@ struct iosm_imem *ipc_imem_init(struct iosm_pcie *pcie, unsigned int device_id,
 protocol_init_fail:
 	cancel_work_sync(&ipc_imem->run_state_worker);
 	ipc_task_deinit(ipc_imem->ipc_task);
+	if (ipc_imem->ipc_protocol)
+		ipc_protocol_deinit(ipc_imem->ipc_protocol);
 ipc_task_init_fail:
 	kfree(ipc_imem->ipc_task);
 ipc_task_fail:
-- 
2.43.0

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.