Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-17 09:31:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

PCI: endpoint: Use after free in pci_epf_unregister_driver()

Browse Source 
We need to use list_for_each_entry_safe() because the
pci_ep_cfs_remove_epf_group() function frees "group".

Fixes: ef1433f717 ("PCI: endpoint: Create configfs entry for each pci_epf_device_id table entry")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
[lorenzo.pieralisi@arm.com: updated commit log]
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Kishon Vijay Abraham I <kishon@ti.com>
This commit is contained in:
Dan Carpenter 2018-06-29 13:49:24 -05:00 committed by Bjorn Helgaas
parent 9bc5f0833a
commit fb0de5b8dc
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/pci/endpoint/pci-epf-core.c
View File

@ -145,10 +145,10 @@ EXPORT_SYMBOL_GPL(pci_epf_alloc_space);
*/
void pci_epf_unregister_driver(struct pci_epf_driver *driver)
{
struct config_group *group;
struct config_group *group, *tmp;
mutex_lock(&pci_epf_mutex);
list_for_each_entry(group, &driver->epf_group, group_entry)
list_for_each_entry_safe(group, tmp, &driver->epf_group, group_entry)
pci_ep_cfs_remove_epf_group(group);
list_del(&driver->epf_group);
mutex_unlock(&pci_epf_mutex);