Re: [patch] mfd: vexpress: use after free in vexpress_syscfg_regmap_init()
From: Pawel Moll
Date: Wed Jun 11 2014 - 05:22:35 EST
On Wed, 2014-06-11 at 07:07 +0100, Dan Carpenter wrote:
> We should return NULL if regmap_init() fails instead of continuing.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> diff --git a/drivers/misc/vexpress-syscfg.c b/drivers/misc/vexpress-syscfg.c
> index 73068e5..2c0ddb2 100644
> --- a/drivers/misc/vexpress-syscfg.c
> +++ b/drivers/misc/vexpress-syscfg.c
> @@ -231,10 +231,12 @@ static struct regmap *vexpress_syscfg_regmap_init(struct device *dev,
> func->regmap = regmap_init(dev, NULL, func,
> &vexpress_syscfg_regmap_config);
>
> - if (IS_ERR(func->regmap))
> + if (IS_ERR(func->regmap)) {
> kfree(func);
> - else
> - list_add(&func->list, &syscfg->funcs);
> + return NULL;
> + }
> +
> + list_add(&func->list, &syscfg->funcs);
>
> return func->regmap;
> }
Not really, no. What made you think so?
vexpress_config_bridge_ops.regmap_init should return an ERR_PTR in case
of troubles, not a NULL. See devm_regmap_init_vexpress_config() in
drivers/bus/vexpress-config.c:
regmap = bridge->ops->regmap_init(dev, bridge->context);
if (IS_ERR(regmap)) {
Pawel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/