From 2e369878bd4399283f2950dc4947cf44c857dd74 Mon Sep 17 00:00:00 2001 From: Bjorn Andersson Date: Thu, 29 Aug 2019 10:29:23 +0100 Subject: [PATCH] misc: fastrpc: Don't reference rpmsg_device after remove As fastrpc_rpmsg_remove() returns the rpdev of the channel context is no longer a valid object, so ensure to update the channel context to no longer reference the old object and guard in the invoke code path against dereferencing it. Signed-off-by: Bjorn Andersson Signed-off-by: Mayank Chopra Signed-off-by: Abhinav Asati Signed-off-by: Vamsi Singamsetty Signed-off-by: Srinivas Kandagatla Link: https://lore.kernel.org/r/20190829092926.12037-3-srinivas.kandagatla@linaro.org Signed-off-by: Greg Kroah-Hartman --- drivers/misc/fastrpc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index c019e86..59ee6de 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -913,6 +913,9 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl, u32 kernel, if (!fl->sctx) return -EINVAL; + if (!fl->cctx->rpdev) + return -EPIPE; + ctx = fastrpc_context_alloc(fl, kernel, sc, args); if (IS_ERR(ctx)) return PTR_ERR(ctx); @@ -1495,6 +1498,7 @@ static void fastrpc_rpmsg_remove(struct rpmsg_device *rpdev) misc_deregister(&cctx->miscdev); of_platform_depopulate(&rpdev->dev); + cctx->rpdev = NULL; fastrpc_channel_ctx_put(cctx); } -- 2.7.4