Hi Dan,
W dniu 18.11.2022 o 12:47, Dan Carpenter pisze:
The printer_dev_free() function frees "dev" but then it is dereferenced
by the debug code on the next line. The debug printk only prints the
function name so it's probably okay to just delete it.
Fixes: e8d5f92b8d30 ("usb: gadget: function: printer: fix use-after-free in __lock_acquire")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
drivers/usb/gadget/function/f_printer.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/usb/gadget/function/f_printer.c b/drivers/usb/gadget/function/f_printer.c
index a881c69b1f2b..7354bfe1e682 100644
--- a/drivers/usb/gadget/function/f_printer.c
+++ b/drivers/usb/gadget/function/f_printer.c
@@ -382,7 +382,6 @@ printer_close(struct inode *inode, struct file *fd)
spin_unlock_irqrestore(&dev->lock, flags);
kref_put(&dev->kref, printer_dev_free);
- DBG(dev, "printer_close\n");
I think that if you delete the DBG() here, it should also be deleted in
printer_open(). Alternatively this patch should reverse the order of
calls to kref_put() and DBG().
Regards,
Andrzej
return 0;
}