diff options
| author |   Stefan Wahren <stefan.wahren@i2se.com> | 2016-10-31 14:39:27 +0000 |
|---|---|---|
| committer |   Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-11-07 11:05:47 +0100 |
| commit | 81a8b5427b9a85c5cf1f437346e76d6c643621b3 (patch) | |
| tree | e0e9e100eaeb43a2766f7a8f6463302440238690 /drivers/staging/vc04_services | |
| parent | staging: vc04_services: parse_rx_slots() - Fix compiler warning (diff) | |
| download | wireguard-linux-81a8b5427b9a85c5cf1f437346e76d6c643621b3.tar.xz wireguard-linux-81a8b5427b9a85c5cf1f437346e76d6c643621b3.zip | |
staging: vchiq_core: fix service dereference in unlock_service
The service state is dereferenced before BUG_ON and outside of the
spin lock. So in order to avoid possible NULL pointer dereferences or
races move the whole scope at a safer place.
This issue has been found by Cppcheck.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging/vc04_services')
| -rw-r--r-- | drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c index 5978017b14bd..7984ff9fad87 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c @@ -296,12 +296,13 @@ lock_service(VCHIQ_SERVICE_T *service) void unlock_service(VCHIQ_SERVICE_T *service) { - VCHIQ_STATE_T *state = service->state; spin_lock(&service_spinlock); BUG_ON(!service || (service->ref_count == 0)); if (service && service->ref_count) { service->ref_count--; if (!service->ref_count) { + VCHIQ_STATE_T *state = service->state; + BUG_ON(service->srvstate != VCHIQ_SRVSTATE_FREE); state->services[service->localport] = NULL; } else |