From 736eedc974eaafbf4360e0ea85fc892cea72a223 Mon Sep 17 00:00:00 2001 |
From: Catalin Marinas <catalin.marinas@arm.com> |
Date: Thu, 22 Dec 2022 18:12:49 +0000 |
Subject: arm64: mte: Fix double-freeing of the temporary tag storage during coredump |
|
From: Catalin Marinas <catalin.marinas@arm.com> |
|
commit 736eedc974eaafbf4360e0ea85fc892cea72a223 upstream. |
|
Commit 16decce22efa ("arm64: mte: Fix the stack frame size warning in |
mte_dump_tag_range()") moved the temporary tag storage array from the |
stack to slab but it also introduced an error in double freeing this |
object. Remove the in-loop freeing. |
|
Fixes: 16decce22efa ("arm64: mte: Fix the stack frame size warning in mte_dump_tag_range()") |
Cc: <stable@vger.kernel.org> # 5.18.x |
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> |
Reported-by: Seth Jenkins <sethjenkins@google.com> |
Cc: Will Deacon <will@kernel.org> |
Link: https://lore.kernel.org/r/20221222181251.1345752-2-catalin.marinas@arm.com |
Signed-off-by: Will Deacon <will@kernel.org> |
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
--- |
arch/arm64/kernel/elfcore.c | 1 - |
1 file changed, 1 deletion(-) |
|
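--- a/arch/arm64/kernel/elfcore.c
+++ b/arch/arm64/kernel/elfcore.c
@@ -65,7 +65,6 @@ static int mte_dump_tag_range(struct cor
 mte_save_page_tags(page_address(page), tags);
 put_page(page);
 if (!dump_emit(cprm, tags, MTE_PAGE_TAG_STORAGE)) {
- mte_free_tag_storage(tags);
 ret = 0;
 break;
 }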