During the pass_exit_resource(), pass_put_table() frees the
g_pass->policy->pass_table, and after that, pass_hotplug_stop() is
called and uses the pointer. Remove the use-after-free by clearing
policy->pass_table from pass_put_table() instead of
__pass_governor_exit() and checking null from pass_hot_plug_stop().
Change-Id: I00d57320dd9ed9f0bcaed406f066bdce37215656
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
struct pass_table *table = policy->pass_table;
int level = policy->max_level;
- if (!policy->hotplug)
+ if (!policy->hotplug || !table)
return;
policy->hotplug->online = table[level].limit_min_cpu;
policy->max_level = 0;
policy->level_up_threshold = 0;
- policy->pass_table = NULL;
policy->num_pass_cpu_stats = 0;
policy->gov_timeout = 0;
void pass_put_table(struct pass_policy *policy)
{
- if (policy->pass_table)
+ if (policy->pass_table) {
free(policy->pass_table);
+ policy->pass_table = NULL;
+ }
if (policy->scenario.list)
free(policy->scenario.list);