[PATCH] spi: bcm2835: Add spi_master_get() call to prevent use after free

Mark Brown broonie at kernel.org
Thu Aug 22 08:13:13 EDT 2013

On Sat, Aug 17, 2013 at 10:18:01AM +0800, Axel Lin wrote:
> The call to spi_unregister_master results in device memory being freed, it must
> no longer be accessed afterwards. Thus call spi_master_get to get an extra
> reference to the device and call spi_master_put only after the last access to
> device data.

This seems a bit odd because it adds a get but no matching put - surely
that means it's either adding a resource leak or there is a double free?

It looks like the problem here is that we shouldn't be calling put() at
all since that work is done as part of unregistering the master.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.infradead.org/pipermail/linux-rpi-kernel/attachments/20130822/2b75894b/attachment.sig>

More information about the linux-rpi-kernel mailing list