[PATCH 5/7] Staging: Beceem: use after free in bcm_exit()

Dan Carpenter error27 at gmail.com
Mon Dec 6 07:02:55 UTC 2010


We can't call class_destroy() until after the driver has been deregistered.
It leads to a NULL deref on module unload.

Signed-off-by: Dan Carpenter <error27 at gmail.com>
---
 drivers/staging/bcm/InterfaceInit.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/bcm/InterfaceInit.c b/drivers/staging/bcm/InterfaceInit.c
index dd82940..b4d2256 100644
--- a/drivers/staging/bcm/InterfaceInit.c
+++ b/drivers/staging/bcm/InterfaceInit.c
@@ -658,9 +658,8 @@ static __init int bcm_init(void)
 
 static __exit void bcm_exit(void)
 {
-	class_destroy(bcm_class);
-
 	usb_deregister(&usbbcm_driver);
+	class_destroy(bcm_class);
 }
 
 module_init(bcm_init);
-- 
1.7.3.2.146.gca209.dirty



More information about the devel mailing list