subject:"\[PATCH\] soc\: fsl\: dpio\: Use after free in dpaa2_dpio

[PATCH] soc: fsl: dpio: Use after free in dpaa2_dpio_remove()

2019-02-04 Thread Dan Carpenter

The dpaa2_io_down(priv->io) call frees "priv->io" so I've shifted the
code around a little bit to avoid the use after free.

Fixes: 991e873223e9 ("soc: fsl: dpio: use a cpumask to identify which cpus are 
unused")
Signed-off-by: Dan Carpenter 
---
 drivers/soc/fsl/dpio/dpio-driver.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/soc/fsl/dpio/dpio-driver.c 
b/drivers/soc/fsl/dpio/dpio-driver.c
index 2d4af32a0dec..a28799b62d53 100644
--- a/drivers/soc/fsl/dpio/dpio-driver.c
+++ b/drivers/soc/fsl/dpio/dpio-driver.c
@@ -220,12 +220,12 @@ static int dpaa2_dpio_remove(struct fsl_mc_device 
*dpio_dev)
 
dev = &dpio_dev->dev;
priv = dev_get_drvdata(dev);
+   cpu = dpaa2_io_get_cpu(priv->io);
 
dpaa2_io_down(priv->io);
 
dpio_teardown_irqs(dpio_dev);
 
-   cpu = dpaa2_io_get_cpu(priv->io);
cpumask_set_cpu(cpu, cpus_unused_mask);
 
err = dpio_open(dpio_dev->mc_io, 0, dpio_dev->obj_desc.id,
-- 
2.17.1

Re: [PATCH] soc: fsl: dpio: Use after free in dpaa2_dpio_remove()

2019-02-04 Thread Li Yang

On Mon, Feb 4, 2019 at 8:12 AM Dan Carpenter  wrote:
>
> The dpaa2_io_down(priv->io) call frees "priv->io" so I've shifted the
> code around a little bit to avoid the use after free.
>
> Fixes: 991e873223e9 ("soc: fsl: dpio: use a cpumask to identify which cpus 
> are unused")
> Signed-off-by: Dan Carpenter 

Applied.  Thanks.

> ---
>  drivers/soc/fsl/dpio/dpio-driver.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/soc/fsl/dpio/dpio-driver.c 
> b/drivers/soc/fsl/dpio/dpio-driver.c
> index 2d4af32a0dec..a28799b62d53 100644
> --- a/drivers/soc/fsl/dpio/dpio-driver.c
> +++ b/drivers/soc/fsl/dpio/dpio-driver.c
> @@ -220,12 +220,12 @@ static int dpaa2_dpio_remove(struct fsl_mc_device 
> *dpio_dev)
>
> dev = &dpio_dev->dev;
> priv = dev_get_drvdata(dev);
> +   cpu = dpaa2_io_get_cpu(priv->io);
>
> dpaa2_io_down(priv->io);
>
> dpio_teardown_irqs(dpio_dev);
>
> -   cpu = dpaa2_io_get_cpu(priv->io);
> cpumask_set_cpu(cpu, cpus_unused_mask);
>
> err = dpio_open(dpio_dev->mc_io, 0, dpio_dev->obj_desc.id,
> --
> 2.17.1
>

[PATCH] soc: fsl: dpio: Use after free in dpaa2_dpio_remove()

Re: [PATCH] soc: fsl: dpio: Use after free in dpaa2_dpio_remove()

2 matches

Site Navigation

Mail list logo

Footer information