soc: apple: rtkit: Use scope-based cleanup in apple_rtkit_crashlog_rx()

jannau · jannau · commit b00773d91a1b · 2025-07-28T09:29:24.000+02:00
Use scope-based cleanup for the crashlog buffer to simplify the function
and avoid problems like the one fixed in commit 1fb9f14458c0 ("soc:
apple: rtkit: Fix use-after-free in apple_rtkit_crashlog_rx()").

Signed-off-by: Janne Grunau &lt;j@jannau.net&gt;
diff --git a/drivers/soc/apple/rtkit.c b/drivers/soc/apple/rtkit.c
@@ -362,7 +362,7 @@ static void apple_rtkit_memcpy(struct apple_rtkit *rtk, void *dst,
 static void apple_rtkit_crashlog_rx(struct apple_rtkit *rtk, u64 msg)
 {
 	u8 type = FIELD_GET(APPLE_RTKIT_SYSLOG_TYPE, msg);
-	u8 *bfr;
+	u8 *bfr __free(kfree) = NULL;
 
 	if (type != APPLE_RTKIT_CRASHLOG_CRASH) {
 		dev_warn(rtk->dev, "RTKit: Unknown crashlog message: %llx\n",
@@ -396,8 +396,6 @@ static void apple_rtkit_crashlog_rx(struct apple_rtkit *rtk, u64 msg)
 	rtk->crashed = true;
 	if (rtk->ops->crashed)
 		rtk->ops->crashed(rtk->cookie, bfr, rtk->crashlog_buffer.size);
-
-	kfree(bfr);
 }
 
 static void apple_rtkit_ioreport_rx(struct apple_rtkit *rtk, u64 msg)
