firmware loader: fix use-after-free by double abort (87597936) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_torvalds_linux

Commit 87597936 authored Jun 15, 2013 by

Ming Lei Committed by Greg Kroah-Hartman Jun 18, 2013

firmware loader: fix use-after-free by double abort

fw_priv->buf is accessed in both request_firmware_load() and
writing to sysfs file of 'loading' context, but not protected
by 'fw_lock' entirely. The patch makes sure that access on
'fw_priv->buf' is protected by the lock.

So fixes the double abort problem reported by nirinA raseliarison:

	http://lkml.org/lkml/2013/6/14/188



Reported-and-tested-by: nirinA raseliarison <nirina.raseliarison@gmail.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable <stable@vger.kernel.org> # 3.9
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 7d132055

Hide whitespace changes

Inline Side-by-side

Please register or to comment