diff options
| author | Remi Pommarel <[email protected]> | 2019-01-11 00:01:35 +0100 | 
|---|---|---|
| committer | Ulf Hansson <[email protected]> | 2019-01-14 12:03:04 +0100 | 
| commit | bb364890323cca6e43f13e86d190ebf34a7d8cea (patch) | |
| tree | 73b48a1dd6299be611cd61f3bf2ff8667a6dcc1b /lib/test_fortify/write_overflow-strcpy.c | |
| parent | 287b1da6a458a30da2e5be745498d31092ebb001 (diff) | |
mmc: meson-gx: Free irq in release() callback
Because the irq was requested through device managed resources API
(devm_request_threaded_irq()) it was freed after meson_mmc_remove()
completion, thus after mmc_free_host() has reclaimed meson_host memory.
As this irq is IRQF_SHARED, while using CONFIG_DEBUG_SHIRQ, its handler
get called by free_irq(). So meson_mmc_irq() was called after the
meson_host memory reclamation and was using invalid memory.
We ended up with the following scenario:
device_release_driver()
	meson_mmc_remove()
		mmc_free_host() /* Freeing host memory */
	...
	devres_release_all()
		devm_irq_release()
			__free_irq()
				meson_mmc_irq() /* Uses freed memory */
To avoid this, the irq is released in meson_mmc_remove() and in
mseon_mmc_probe() error path before mmc_free_host() gets called.
Reported-by: Elie Roudninski <[email protected]>
Signed-off-by: Remi Pommarel <[email protected]>
Cc: [email protected]
Signed-off-by: Ulf Hansson <[email protected]>
Diffstat (limited to 'lib/test_fortify/write_overflow-strcpy.c')
0 files changed, 0 insertions, 0 deletions