From 4513fe91d755469862a24c9ebca6b3209a6926fc Mon Sep 17 00:00:00 2001 From: Dhoat Harpal Date: Wed, 1 Feb 2017 20:16:21 +0530 Subject: [PATCH] soc: qcom: glink_ssr: Set NULL after free In function close_ch_worker variable ss_info->cb_data is not set to NULL after free, this results in crash due to use after free in notify_for_subsystem function. This variable is set to NULL to avoid any crash due to use after free. CRs-Fixed: 2000384 Change-Id: Ia0c7b52e4c8f5d0215fd0ebfbca5e823530f205c Signed-off-by: Dhoat Harpal --- drivers/soc/qcom/glink_ssr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/soc/qcom/glink_ssr.c b/drivers/soc/qcom/glink_ssr.c index 4d94e6446505..5e2dbc8b1d20 100644 --- a/drivers/soc/qcom/glink_ssr.c +++ b/drivers/soc/qcom/glink_ssr.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2016, The Linux Foundation. All rights reserved. +/* Copyright (c) 2014-2017, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -339,6 +339,7 @@ void close_ch_worker(struct work_struct *work) BUG_ON(!ss_info->cb_data); kfree(ss_info->cb_data); + ss_info->cb_data = NULL; kfree(close_work); }