diff options
Diffstat (limited to 'HID-hid-input-Fix-accessing-freed-memory-during-devi.patch')
-rw-r--r-- | HID-hid-input-Fix-accessing-freed-memory-during-devi.patch | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/HID-hid-input-Fix-accessing-freed-memory-during-devi.patch b/HID-hid-input-Fix-accessing-freed-memory-during-devi.patch deleted file mode 100644 index 6a64910b5..000000000 --- a/HID-hid-input-Fix-accessing-freed-memory-during-devi.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 0621809e37936e7c2b3eac9165cf2aad7f9189eb Mon Sep 17 00:00:00 2001 -From: Krzysztof Kozlowski <k.kozlowski@samsung.com> -Date: Mon, 3 Aug 2015 14:57:30 +0900 -Subject: [PATCH] HID: hid-input: Fix accessing freed memory during device - disconnect - -During unbinding the driver was dereferencing a pointer to memory -already freed by power_supply_unregister(). - -Driver was freeing its internal description of battery through pointers -stored in power_supply structure. However, because the core owns the -power supply instance, after calling power_supply_unregister() this -memory is freed and the driver cannot access these members. - -Fix this by storing the pointer to internal description of battery in a -local variable before calling power_supply_unregister(), so the pointer -remains valid. - -Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com> -Reported-by: H.J. Lu <hjl.tools@gmail.com> -Fixes: 297d716f6260 ("power_supply: Change ownership from driver to core") -Cc: <stable@vger.kernel.org> -Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> -Signed-off-by: Jiri Kosina <jkosina@suse.com> ---- - drivers/hid/hid-input.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c -index 3511bbab..e3c6364 100644 ---- a/drivers/hid/hid-input.c -+++ b/drivers/hid/hid-input.c -@@ -462,12 +462,15 @@ out: - - static void hidinput_cleanup_battery(struct hid_device *dev) - { -+ const struct power_supply_desc *psy_desc; -+ - if (!dev->battery) - return; - -+ psy_desc = dev->battery->desc; - power_supply_unregister(dev->battery); -- kfree(dev->battery->desc->name); -- kfree(dev->battery->desc); -+ kfree(psy_desc->name); -+ kfree(psy_desc); - dev->battery = NULL; - } - #else /* !CONFIG_HID_BATTERY_STRENGTH */ --- -2.4.3 - |