[PATCH] soc: fsl: dpio: Use after free in dpaa2_dpio_remove()
Li Yang
leoyang.li at nxp.com
Tue Feb 5 07:59:48 AEDT 2019
On Mon, Feb 4, 2019 at 8:12 AM Dan Carpenter <dan.carpenter at oracle.com> wrote:
>
> The dpaa2_io_down(priv->io) call frees "priv->io" so I've shifted the
> code around a little bit to avoid the use after free.
>
> Fixes: 991e873223e9 ("soc: fsl: dpio: use a cpumask to identify which cpus are unused")
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Applied. Thanks.
> ---
> drivers/soc/fsl/dpio/dpio-driver.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/soc/fsl/dpio/dpio-driver.c b/drivers/soc/fsl/dpio/dpio-driver.c
> index 2d4af32a0dec..a28799b62d53 100644
> --- a/drivers/soc/fsl/dpio/dpio-driver.c
> +++ b/drivers/soc/fsl/dpio/dpio-driver.c
> @@ -220,12 +220,12 @@ static int dpaa2_dpio_remove(struct fsl_mc_device *dpio_dev)
>
> dev = &dpio_dev->dev;
> priv = dev_get_drvdata(dev);
> + cpu = dpaa2_io_get_cpu(priv->io);
>
> dpaa2_io_down(priv->io);
>
> dpio_teardown_irqs(dpio_dev);
>
> - cpu = dpaa2_io_get_cpu(priv->io);
> cpumask_set_cpu(cpu, cpus_unused_mask);
>
> err = dpio_open(dpio_dev->mc_io, 0, dpio_dev->obj_desc.id,
> --
> 2.17.1
>
More information about the Linuxppc-dev
mailing list