[PATCH] spi: bcm2835: Add spi_master_get() call to prevent use after free

Axel Lin axel.lin at ingics.com
Thu Aug 22 08:45:37 EDT 2013


2013/8/22 Mark Brown <broonie at kernel.org>:
> On Sat, Aug 17, 2013 at 10:18:01AM +0800, Axel Lin wrote:
>> The call to spi_unregister_master results in device memory being freed, it must
>> no longer be accessed afterwards. Thus call spi_master_get to get an extra
>> reference to the device and call spi_master_put only after the last access to
>> device data.
>
> This seems a bit odd because it adds a get but no matching put - surely
> that means it's either adding a resource leak or there is a double free?
>
> It looks like the problem here is that we shouldn't be calling put() at
> all since that work is done as part of unregistering the master.
I think the reason is that the current code accesses bs->clk *after*
spi_unregister_master().
If spi_unregister_master() frees the memory, we should not access the
memory allocated by spi_alloc_master().
Thus add spi_master_get() to prevent spi_unregister_master() from freeing the memory.
And then call spi_master_put only after the last access to device data.
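
The ordering discussed in this message, as an added example that is not part of the original thread or of the bcm2835 driver. It is a userspace C model: every `model_*` name is hypothetical, and a `released` flag stands in for the kernel freeing the master and its driver data, so the late access is detected rather than performed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model with hypothetical names; this is not kernel code. */
struct model_master {
    int refcount;     /* stands in for the struct device reference count */
    bool released;    /* set where the kernel would free master + driver data */
    bool clk_enabled; /* stands in for driver data such as bs->clk */
};

static void model_get(struct model_master *m) { m->refcount++; }

static void model_put(struct model_master *m)
{
    if (--m->refcount == 0)
        m->released = true;   /* last reference dropped: memory is gone */
}

/* Unregistering drops the reference held since allocation. */
static void model_unregister(struct model_master *m) { model_put(m); }

/* Touch driver data; returns false if this would be a use after free. */
static bool model_clk_disable(struct model_master *m)
{
    if (m->released)
        return false;
    m->clk_enabled = false;
    return true;
}

/* remove() ordering; hold_ref selects the get/put pairing described above. */
static bool model_remove(bool hold_ref, int *final_refcount)
{
    struct model_master m = { .refcount = 1, .released = false, .clk_enabled = true };
    bool access_ok;
    if (hold_ref)
        model_get(&m);                  /* extra reference before unregister */
    model_unregister(&m);
    access_ok = model_clk_disable(&m);  /* access after unregister */
    if (hold_ref)
        model_put(&m);                  /* only after the last access */
    *final_refcount = m.refcount;
    return access_ok;
}

int main(void)
{
    int rc;
    printf("no extra ref: access_ok=%d\n", model_remove(false, &rc));
    printf("get/put pair: access_ok=%d\n", model_remove(true, &rc));
    return 0;
}
```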


