| Message ID | 1496903383-10129-2-git-send-email-po-hsu.lin@canonical.com |
|---|---|
| State | New |
| Headers | show |
On 08/06/17 07:29, Po-Hsu Lin wrote: > From: Seung-Woo Kim <sw0312.kim@samsung.com> > > CVE-2014-9940 > > After freeing pin from regulator_ena_gpio_free, loop can access > the pin. So this patch fixes not to access pin after freeing. > > Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com> > Signed-off-by: Mark Brown <broonie@kernel.org> > (cherry picked from commit 60a2362f769cf549dc466134efe71c8bf9fbaaba) > > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> > --- > drivers/regulator/core.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c > index d1db4fb..2d396dc 100644 > --- a/drivers/regulator/core.c > +++ b/drivers/regulator/core.c > @@ -1702,6 +1702,8 @@ static void regulator_ena_gpio_free(struct regulator_dev *rdev) > gpio_free(pin->gpio); > list_del(&pin->list); > kfree(pin); > + rdev->ena_pin = NULL; > + return; > } else { > pin->request_count--; > } > Acked-by: Colin Ian King <colin.king@canonical.com>
Applied to trusty/master-next branch. Thank you.
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index d1db4fb..2d396dc 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -1702,6 +1702,8 @@ static void regulator_ena_gpio_free(struct regulator_dev *rdev) gpio_free(pin->gpio); list_del(&pin->list); kfree(pin); + rdev->ena_pin = NULL; + return; } else { pin->request_count--; }