-stable review patch. If anyone has any objections, please let us know.
---------------------
From: Dan Carpenter <[email protected]>
upstream commit: f240729832dff3785104d950dad2d3ced4387f6d
dock_remove() calls kfree() on dock_station so we should use
list_for_each_entry_safe() to avoid dereferencing freed memory.
Found by smatch (http://repo.or.cz/w/smatch.git/). Compile tested.
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Len Brown <[email protected]>
Signed-off-by: Chris Wright <[email protected]>
---
drivers/acpi/dock.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/acpi/dock.c
+++ b/drivers/acpi/dock.c
@@ -1146,9 +1146,10 @@ static int __init dock_init(void)
static void __exit dock_exit(void)
{
struct dock_station *dock_station;
+ struct dock_station *tmp;
unregister_acpi_bus_notifier(&dock_acpi_notifier);
- list_for_each_entry(dock_station, &dock_stations, sibiling)
+ list_for_each_entry_safe(dock_station, tmp, &dock_stations, sibiling)
dock_remove(dock_station);
}