From 4660e029b87eee5b2a28ee3ee13f2042548803fa Mon Sep 17 00:00:00 2001
From: Marian Chereji <marian.chereji@freescale.com>
Date: Thu, 14 May 2015 17:50:24 +0300
Subject: dpa_offload: Avoid illegal access of IPSec instance after release

The function "dpa_ipsec_free" is calling "free_resources" which
is releasing the dpa_ipsec instance by executing

kfree(dpa_ipsec);

Once this call ends, "dpa_ipsec_free" is accessing again the
"instance" pointer to call "mark_unused_gbl_dpa_ipsec". The problem
is that the "instance" pointer is inconsistent at his point (was
released by the call to "free_resources").

To fix this, the call to "mark_unused_gbl_dpa_ipsec" was simply
removed from "dpa_ipsec_free" because the function "free_resources"
is already doing that.

Signed-off-by: Marian Chereji <marian.chereji@freescale.com>
Change-Id: Ibabc69253a8a21c7bb158bc371193a6b9ace01ac
Reviewed-on: http://git.am.freescale.net:8181/36404
Tested-by: Review Code-CDREVIEW <CDREVIEW@freescale.com>
Reviewed-by: Pinghua An <pinghua.an@freescale.com>
Reviewed-by: Honghua Yin <Hong-Hua.Yin@freescale.com>

diff --git a/drivers/staging/fsl_dpa_offload/dpa_ipsec.c b/drivers/staging/fsl_dpa_offload/dpa_ipsec.c
index 5b3fc91..23b0521 100644
--- a/drivers/staging/fsl_dpa_offload/dpa_ipsec.c
+++ b/drivers/staging/fsl_dpa_offload/dpa_ipsec.c
@@ -3680,8 +3680,6 @@ int dpa_ipsec_free(int dpa_ipsec_id)
 
 	free_resources(dpa_ipsec_id);
 
-	mark_unused_gbl_dpa_ipsec(instance->id);
-
 	return 0;
 }
 EXPORT_SYMBOL(dpa_ipsec_free);
-- 
cgit v0.10.2