arm: vfp: Fix memory corruption on PM suspend
Commit
36af2a47 ("ARM: vfp: Always save VFP state in vfp_pm_suspend")
introduced a potential use-after-free bug. On SMP systems,
vfp_current_hw_state might hold dangling pointers in case a task which
used the VFP last migrates to another CPU and then exits. If
vfp_pm_suspend is called while vfp_current_hw_state still holds a
pointer to the freed thread_info, that memory location will be written,
potentially overwriting a new object allocated there.
The original problem is only relevant to UP systems in which the VFP
state is stored lazily.
Fix this by only storing the VFP state on UP systems, and avoid doing so
on SMP ones.
Change-Id: I8f7026eb735b340fcef4cf12fbd12b9a0ea08d3f
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Colin Cross <ccross@android.com>
projects / firefly-linux-kernel-4.4.55.git / commit