| author | Xiaoliang Wang <xiaoliang.wang@amlogic.com> | 2018-10-20 08:53:13 (GMT) |
|---|---|---|
| committer | Xiaoliang Wang <xiaoliang.wang@amlogic.com> | 2018-10-20 08:55:22 (GMT) |
| commit | db8c8b191c9f41d4863439f6d43b90a65e0c5425 (patch) | |
| tree | 7e1bad122b3c6120dd31981b17d2c8d79bdb6114 | |
| parent | f92ad2d3a874d3dc55ccd3521186077d6ee0fbd7 (diff) | |
| download | common-db8c8b191c9f41d4863439f6d43b90a65e0c5425.zip common-db8c8b191c9f41d4863439f6d43b90a65e0c5425.tar.gz common-db8c8b191c9f41d4863439f6d43b90a65e0c5425.tar.bz2 | |
Revert "usb: use-after-free in ffs_epfile_io+0x1c0/0x9b8"
This reverts commit e5c766a6b26760cab870e18530d899af034b9d36.
Change-Id: I8f435612fe2bfacd59b829aefdfbdedae4c6570c
| -rw-r--r-- | drivers/usb/gadget/function/f_fs.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 055c03a..ca41f19 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -952,7 +952,6 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data) #ifdef CONFIG_AMLOGIC_USB struct ffs_ep *ep = epfile->ep; struct ffs_data_buffer *buffer = NULL; - int data_flag = -1; #else struct ffs_ep *ep; #endif @@ -1037,7 +1036,6 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data) if (io_data->aio) { spin_unlock_irq(&epfile->ffs->eps_lock); data = kmalloc(data_len, GFP_KERNEL); - data_flag = 1; if (unlikely(!data)) { ret = -ENOMEM; goto error_mutex; @@ -1062,7 +1060,6 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data) * been released in kill_sb. */ buffer = assign_ffs_buffer(epfile->ffs); - data_flag = -1; if (unlikely(!buffer)) { ret = -ENOMEM; spin_unlock_irq(&epfile->ffs->eps_lock); @@ -1177,7 +1174,7 @@ error_mutex: mutex_unlock(&epfile->mutex); error: #ifdef CONFIG_AMLOGIC_USB - if (data_flag > 0) { + if (io_data->aio) { kfree(data); data = NULL; } else { |