Javier Martinez Canillas 0fac5f8fb1 video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup ... [ Upstream commit acde4003ef ] Commit b3c9a924aa ("fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove") fixed a use-after-free error due the vesafb driver freeing the fb_info in the .remove handler instead of doing it in .fb_destroy. This can happen if the .fb_destroy callback is executed after the .remove callback, since the former tries to access a pointer freed by the latter. But that change didn't take into account that another possible scenario is that .fb_destroy is called before the .remove callback. For example, if no process has the fbdev chardev opened by the time the driver is removed. If that's the case, fb_info will be freed when unregister_framebuffer() is called, making the fb_info pointer accessed in vesafb_remove() after that to no longer be valid. To prevent that, move the expression containing the info->par to happen before the unregister_framebuffer() function call. Fixes: b3c9a924aa ("fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove") Reported-by: Pascal Ernster <dri-devel@hardfalcon.net> Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Tested-by: Pascal Ernster <dri-devel@hardfalcon.net> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org>		2022-06-09 10:23:16 +02:00
..
backlight	backlight: qcom-wled: Respect enabled-strings in set_brightness	2022-01-27 11:03:46 +01:00
console	parisc/stifb: Keep track of hardware path of graphics card	2022-06-09 10:22:26 +02:00
fbdev	video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup	2022-06-09 10:23:16 +02:00
logo
display_timing.c
hdmi.c	video: fix some kernel-doc markups	2020-11-16 18:23:16 +01:00
Kconfig
Makefile
of_display_timing.c	video: Fix kernel-doc warnings in of_display_timing + of_videomode	2020-11-29 22:42:17 +01:00
of_videomode.c	video: Fix kernel-doc warnings in of_display_timing + of_videomode	2020-11-29 22:42:17 +01:00
vgastate.c
videomode.c