From: Rui Miguel Silva Date: Fri, 8 Jan 2016 13:53:47 +0000 (+0000) Subject: greybus: power_supply: fix use after free of power supply X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=accad1ba7d62543ab3bcf08813726ea87d237bb6;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git greybus: power_supply: fix use after free of power supply Individual power supply were being freed and checked using the wrong pointers and at the wrong place, which would make several issues, like used after free and so on. Fix it by freeing all allocated memory after release individual power supply. Signed-off-by: Rui Miguel Silva Reported-by: Johan Hovold Reviewed-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/greybus/power_supply.c b/drivers/staging/greybus/power_supply.c index 3c9bb12351e4..d985e13b5a0d 100644 --- a/drivers/staging/greybus/power_supply.c +++ b/drivers/staging/greybus/power_supply.c @@ -544,13 +544,10 @@ static void _gb_power_supply_free(struct gb_power_supply *gbpsy) kfree(gbpsy->manufacturer); kfree(gbpsy->props_raw); kfree(gbpsy->props); - kfree(gbpsy); } static void _gb_power_supply_release(struct gb_power_supply *gbpsy) { - if (!gbpsy) - return; gbpsy->update_interval = 0; @@ -576,6 +573,7 @@ static void _gb_power_supplies_release(struct gb_power_supplies *supplies) mutex_lock(&supplies->supplies_lock); for (i = 0; i < supplies->supplies_count; i++) _gb_power_supply_release(&supplies->supply[i]); + kfree(supplies->supply); mutex_unlock(&supplies->supplies_lock); kfree(supplies); }