regulator: fix use after free issue · tjh.dev/kernel@4affd79

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

regulator: fix use after free issue

This is caused by dereferencing 'rdev' after put_device() in
the _regulator_get()/_regulator_put() functions.
This patch just moves the put_device() down a bit to avoid the
issue.

Signed-off-by: Wen Yang <wenyang@linux.alibaba.com>
Cc: Liam Girdwood <lgirdwood@gmail.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: linux-kernel@vger.kernel.org
Link: https://lore.kernel.org/r/20191124145835.25999-1-wenyang@linux.alibaba.com
Signed-off-by: Mark Brown <broonie@kernel.org>

authored by

Wen Yang and committed by

Mark Brown 6 years ago 4affd79a c15d5a64

+2 -2

1 changed file

expand all

drivers

regulator

core.c

+2 -2

drivers/regulator/core.c

··· 1937 1937 regulator = create_regulator(rdev, dev, id); 1938 1938 if (regulator == NULL) { 1939 1939 regulator = ERR_PTR(-ENOMEM); 1940 - put_device(&rdev->dev); 1941 1940 module_put(rdev->owner); 1941 + put_device(&rdev->dev); 1942 1942 return regulator; 1943 1943 } 1944 1944 ··· 2059 2059 2060 2060 rdev->open_count--; 2061 2061 rdev->exclusive = 0; 2062 - put_device(&rdev->dev); 2063 2062 regulator_unlock(rdev); 2064 2063 2065 2064 kfree_const(regulator->supply_name); 2066 2065 kfree(regulator); 2067 2066 2068 2067 module_put(rdev->owner); 2068 + put_device(&rdev->dev); 2069 2069 } 2070 2070 2071 2071 /**