From 1826e9b1bd9139850954acb9c2e0fb230ba94e0d Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Fri, 23 Aug 2013 11:14:49 +0300 Subject: [PATCH] usb: gadget: gadgetfs: use after free in dev_release() The call to put_dev() releases "dev". Hopefully, we don't need to set the state to STATE_DEV_DISABLED anyway so I have removed those lines. Signed-off-by: Dan Carpenter Signed-off-by: Felipe Balbi --- drivers/usb/gadget/inode.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c index 570c005062ab..465ef8e2cc91 100644 --- a/drivers/usb/gadget/inode.c +++ b/drivers/usb/gadget/inode.c @@ -1270,10 +1270,6 @@ dev_release (struct inode *inode, struct file *fd) dev->buf = NULL; put_dev (dev); - /* other endpoints were all decoupled from this device */ - spin_lock_irq(&dev->lock); - dev->state = STATE_DEV_DISABLED; - spin_unlock_irq(&dev->lock); return 0; } -- 2.20.1