upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 00:32:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

acpi_gpiobus: Fix cleanup on set flags failure

Browse source 
When GPIOBUS_PIN_SETFLAGS fails we called gpiobus_free_ivars to clean
up the contents of the ivar, then would free the ivar. This lead to a
use-after-free as the ivar had already been set on the child so
gpiobus_child_deleted would try to free it again.

Fix this by removing the early cleanup and letting
gpiobus_child_deleted handle it.

Fixes:	c9e880c0ce ("gpiobus: Use a bus_child_deleted method to free ivars for children")
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D47670
(cherry picked from commit bb8c68b253)
This commit is contained in:
Andrew Turner 2024-12-09 15:14:13 +00:00 committed by John Baldwin
parent e75ef6dece
commit 32de28db23
1 changed files with 0 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/dev/gpio/acpi_gpiobus.c
View file

@ -201,8 +201,6 @@ acpi_gpiobus_enumerate_aei(ACPI_RESOURCE *res, void *context)
for (int i = 0; i < devi->gpiobus.npins; i++) {
if (GPIOBUS_PIN_SETFLAGS(bus, child, 0, devi->flags)) {
gpiobus_free_ivars(&devi->gpiobus);
free(devi, M_DEVBUF);
device_delete_child(bus, child);
return (AE_OK);
}