patch "staging: greybus: spilib: fix use-after-free after deregistration" added to staging-next

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    staging: greybus: spilib: fix use-after-free after deregistration

to my staging git tree which can be found at
    git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
in the staging-next branch.

The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)

The patch will also be merged in the next major kernel release
during the merge window.

If you have any questions about this process, please let me know.


>From 770b03c2ca4aa44d226cf248f86aa23e546147d0 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan@xxxxxxxxxx>
Date: Sun, 29 Oct 2017 13:01:33 +0100
Subject: staging: greybus: spilib: fix use-after-free after deregistration

Remove erroneous spi_master_put() after controller deregistration which
would access the already freed spi controller.

Note that spi_unregister_master() drops our only controller reference.

Fixes: ba3e67001b42 ("greybus: SPI: convert to a gpbridge driver")
Cc: stable <stable@xxxxxxxxxxxxxxx>     # 4.9
Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
Reviewed-by: Rui Miguel Silva <rmfrfs@xxxxxxxxx>
Acked-by: Viresh Kumar <viresh.kumar@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/staging/greybus/spilib.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/greybus/spilib.c b/drivers/staging/greybus/spilib.c
index e97b19148497..1e7321a1404c 100644
--- a/drivers/staging/greybus/spilib.c
+++ b/drivers/staging/greybus/spilib.c
@@ -544,11 +544,14 @@ int gb_spilib_master_init(struct gb_connection *connection, struct device *dev,
 
 	return 0;
 
-exit_spi_unregister:
-	spi_unregister_master(master);
 exit_spi_put:
 	spi_master_put(master);
 
+	return ret;
+
+exit_spi_unregister:
+	spi_unregister_master(master);
+
 	return ret;
 }
 EXPORT_SYMBOL_GPL(gb_spilib_master_init);
@@ -558,7 +561,6 @@ void gb_spilib_master_exit(struct gb_connection *connection)
 	struct spi_master *master = gb_connection_get_data(connection);
 
 	spi_unregister_master(master);
-	spi_master_put(master);
 }
 EXPORT_SYMBOL_GPL(gb_spilib_master_exit);
 
-- 
2.15.0
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]