Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

USB: chipidea: fix use after free bug

The pointer to a platform_device struct must not be dereferenced after
the device has been unregistered.

This bug produces a crash when unloading the ci13xxx kernel module
compiled with CONFIG_PAGE_POISONING enabled.

Signed-off-by: Lothar Waßmann <LW@KARO-electronics.de>
Cc: stable <stable@vger.kernel.org> # 3.6
Acked-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Lothar Waßmann 12 years ago
parent
9db72fe6c9
commit
98c3553442
1 changed files with 2 additions and 1 deletions
Split View Show Diff Stats
  1. 2 1
      drivers/usb/chipidea/core.c

+ 2 - 1
drivers/usb/chipidea/core.c
View File 

@@ -385,8 +385,9 @@ EXPORT_SYMBOL_GPL(ci13xxx_add_device);
 
 
 void ci13xxx_remove_device(struct platform_device *pdev)
 
 {
 
+	int id = pdev->id;
 
 	platform_device_unregister(pdev);
 
-	ida_simple_remove(&ci_ida, pdev->id);
 
+	ida_simple_remove(&ci_ida, id);
 
 }
 
 EXPORT_SYMBOL_GPL(ci13xxx_remove_device);