msm: ipa: fix use-after-free of rt_tbl (bf9c2b11) · Commits · e / devices / android_kernel_fairphone_FP5

drivers/platform/msm/ipa/ipa_v3/ipa_flt.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -1078,7 +1078,7 @@ static int __ipa_del_flt_rule(u32 rule_hdl)

	list_del(&entry->link);		list_del(&entry->link);
	entry->tbl->rule_cnt--;		entry->tbl->rule_cnt--;
	if (entry->rt_tbl)		if (entry->rt_tbl && !ipa3_check_idr_if_freed(entry->rt_tbl))
	entry->rt_tbl->ref_cnt--;		entry->rt_tbl->ref_cnt--;
	IPADBG("del flt rule rule_cnt=%d rule_id=%d\n",		IPADBG("del flt rule rule_cnt=%d rule_id=%d\n",
	entry->tbl->rule_cnt, entry->rule_id);		entry->tbl->rule_cnt, entry->rule_id);