projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: abb722e)
greybus: operation: fix cancellation use-after-free
authorJohan Hovold <johan@hovoldconsulting.com>
Wed, 1 Jul 2015 10:37:25 +0000 (12:37 +0200)
committerGreg Kroah-Hartman <gregkh@google.com>
Wed, 1 Jul 2015 23:50:59 +0000 (16:50 -0700)
The final reference of an operation will be put after its completion
handler has run, so we must not drop the reference if it has already
been scheduled to avoid use-after-free.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
drivers/staging/greybus/operation.c patch | blob | blame | history

diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c
index 3392b425a6c286d41081a8b9ebc1ecbda830e088..7adfa63462880b9821a62f1fb8544653f241fec8 100644 (file)
--- a/drivers/staging/greybus/operation.c
+++ b/drivers/staging/greybus/operation.c
@@ -846,8 +846,8 @@ void gb_operation_cancel(struct gb_operation *operation, int errno)
                gb_message_cancel(operation->request);
                if (operation->response)
                        gb_message_cancel(operation->response);
+               gb_operation_put(operation);
        }
-       gb_operation_put(operation);
 }
 EXPORT_SYMBOL_GPL(gb_operation_cancel);