diff options
author | Ming Lei <ming.lei@canonical.com> | 2013-06-15 08:36:38 (GMT) |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-06-18 17:41:55 (GMT) |
commit | 875979368eb4cfecff9f0e97625b90cc6009269d (patch) | |
tree | e10845e63381a741f60465d808d9b39f18217c6f /firmware/cpia2 | |
parent | 7d132055814ef17a6c7b69f342244c410a5e000f (diff) | |
download | linux-fsl-qoriq-875979368eb4cfecff9f0e97625b90cc6009269d.tar.xz |
firmware loader: fix use-after-free by double abort
fw_priv->buf is accessed in both request_firmware_load() and
writing to sysfs file of 'loading' context, but not protected
by 'fw_lock' entirely. The patch makes sure that access on
'fw_priv->buf' is protected by the lock.
So fixes the double abort problem reported by nirinA raseliarison:
http://lkml.org/lkml/2013/6/14/188
Reported-and-tested-by: nirinA raseliarison <nirina.raseliarison@gmail.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable <stable@vger.kernel.org> # 3.9
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'firmware/cpia2')
0 files changed, 0 insertions, 0 deletions