Hello Andrzej,
On 5/6/22 15:07, Andrzej Hajda wrote:
> On 06.05.2022 00:05, Javier Martinez Canillas wrote:
[snip]
>> +
>> +framebuffer_release(info);
>> +
>> if (request_mem_succeeded)
>> release_mem_region(info->apertures->ranges[0].base,
>>
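Review bot: framebuffer_release(info) is called just before the `if (request_mem_succeeded)` branch, which then reads info->apertures->ranges[0].base for release_mem_region(), so info is dereferenced after it has been released. Move the framebuffer_release(info) call to after the release_mem_region() call so that nothing touches info once it has been freed.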
On 06.05.2022 00:05, Javier Martinez Canillas wrote:
The driver is calling framebuffer_release() in its .remove callback, but
this will cause the struct fb_info to be freed too early. Since it could
be that a reference is still held to it if user-space opened the fbdev.
This would lead to a use-after-free error if the framebuffer device was
unregist