[PATCH v2] spi: bcm2835: Add spi_master_get() call to prevent use after free

[Axel Lin]

The call to spi_unregister_master results in device memory being freed, it must
no longer be accessed afterwards. Thus call spi_master_get() to get an extra
reference to the device and call spi_master_put() only after the last access to
device data.

Note, current code has an extra spi_master_put() call in bcm2835_spi_remove().
Thus this patch just adds an spi_master_get() to balance the reference count.

Signed-off-by: Axel Lin <axel.lin at ingics.com>
---
v2: Improve the commit log to mention that why this patch just adds an
spi_master_get() rather than spi_master_get() and spi_master_put() pair.

 drivers/spi/spi-bcm2835.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/spi/spi-bcm2835.c b/drivers/spi/spi-bcm2835.c
index 7de617a..52c8148 100644
--- a/drivers/spi/spi-bcm2835.c
+++ b/drivers/spi/spi-bcm2835.c
@@ -377,7 +377,7 @@ out_master_put:
 
 static int bcm2835_spi_remove(struct platform_device *pdev)
 {
-	struct spi_master *master = platform_get_drvdata(pdev);
+	struct spi_master *master = spi_master_get(platform_get_drvdata(pdev));
 	struct bcm2835_spi *bs = spi_master_get_devdata(master);
 
 	free_irq(bs->irq, master);
-- 
1.8.1.2