[PATCH 10/14] misc: vexpress: fix error handling vexpress_syscfg_regmap_init()
Arnd Bergmann
arnd at arndb.de
Fri Jun 13 09:01:12 PDT 2014
From: Dan Carpenter <dan.carpenter at oracle.com>
This function should be returning an ERR_PTR() on failure instead of
NULL. Also there is a use after free bug if regmap_init() fails because
we free "func" and then dereference doing the return.
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Acked-by: Pawel Moll <pawel.moll at arm.com>
Signed-off-by: Arnd Bergmann <arnd at arndb.de>
---
drivers/misc/vexpress-syscfg.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/misc/vexpress-syscfg.c b/drivers/misc/vexpress-syscfg.c
index 73068e5..3250fc1 100644
--- a/drivers/misc/vexpress-syscfg.c
+++ b/drivers/misc/vexpress-syscfg.c
@@ -199,7 +199,7 @@ static struct regmap *vexpress_syscfg_regmap_init(struct device *dev,
func = kzalloc(sizeof(*func) + sizeof(*func->template) * num,
GFP_KERNEL);
if (!func)
- return NULL;
+ return ERR_PTR(-ENOMEM);
func->syscfg = syscfg;
func->num_templates = num;
@@ -231,10 +231,14 @@ static struct regmap *vexpress_syscfg_regmap_init(struct device *dev,
func->regmap = regmap_init(dev, NULL, func,
&vexpress_syscfg_regmap_config);
- if (IS_ERR(func->regmap))
+ if (IS_ERR(func->regmap)) {
+ void *err = func->regmap;
+
kfree(func);
- else
- list_add(&func->list, &syscfg->funcs);
+ return err;
+ }
+
+ list_add(&func->list, &syscfg->funcs);
return func->regmap;
}
--
1.8.3.2
More information about the linux-arm-kernel
mailing list