[PATCH 1/1] mmc: core: sdio_bus: call sdio_free_func_cis only for standard SDIO card - Linux-stable-mirror

5 Feb 2021

From: Hongwei Ma mahongwei_123@126.com
tuple is only allcated for standard SDIO card, especially it causes memory
corruption issue when the non-standard SDIO card has removed since the card
device's reference counter does not increase for it at sdio_init_func, but
all SDIO card device reference counter has decreased at sdio_release_func.
Cc: stable@vger.kernel.org #v5.4+
Signed-off-by: Peter Chen peter.chen@kernel.org
---
 drivers/mmc/core/sdio_bus.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/mmc/core/sdio_bus.c b/drivers/mmc/core/sdio_bus.c
index 3d709029e07c..50279f805a53 100644
--- a/drivers/mmc/core/sdio_bus.c
+++ b/drivers/mmc/core/sdio_bus.c
@@ -292,7 +292,8 @@ static void sdio_release_func(struct device *dev)
 {
    struct sdio_func *func = dev_to_sdio_func(dev);
-	sdio_free_func_cis(func);
+	if (!(card->quirks & MMC_QUIRK_NONSTD_SDIO))
+		sdio_free_func_cis(func);
kfree(func->info);
    kfree(func->tmpbuf);
-- 
2.17.1


    