vcsm: increment res_stats MAP_FAIL stats before we potentially releas…

…e the resource resource can be kfree'd when the reference count is zero, so we should not bump the res_stats of the resource after the vmcs_sm_release_resource call since the resource may have been kfree'd by this call. Instead, bump the stats before we call vmcs_sm_release_resource to avoid a potential NULL pointer derefernce. Bug found using cppcheck static analysis: [drivers/char/broadcom/vc_sm/vmcs_sm.c:1373]: (error) Dereferencing 'resource' after it is deallocated / released Signed-off-by: Colin Ian King <colin.king@canonical.com>
raspberrypi · Sep 14, 2015 · 1026505 · 1026505
1 parent 51a3a0c
commit 1026505
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/drivers/char/broadcom/vc_sm/vmcs_sm.c b/drivers/char/broadcom/vc_sm/vmcs_sm.c
@@ -1368,8 +1368,8 @@ static int vc_sm_mmap(struct file *file, struct vm_area_struct *vma)
 	return 0;
 
 error:
-	vmcs_sm_release_resource(resource, 0);
 	resource->res_stats[MAP_FAIL]++;
+	vmcs_sm_release_resource(resource, 0);
 	return ret;
 }