Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/drivers/uio
History
Dan Carpenter 48c8e37c34 uio: potential double frees if __uio_register_device() fails 
[ Upstream commit f019f07ecf6a6b8bd6d7853bce70925d90af02d1 ]

The uio_unregister_device() function assumes that if "info->uio_dev" is
non-NULL that means "info" is fully allocated.  Setting info->uio_de
has to be the last thing in the function.

In the current code, if request_threaded_irq() fails then we return with
info->uio_dev set to non-NULL but info is not fully allocated and it can
lead to double frees.

Fixes: beafc54c4e ("UIO: Add the User IO core code")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2019-07-27 21:51:39 +02:00
..
msm_sharedmem Merge tag 'LA.BR.1.3.6-03510-8976.0' into HEAD 2017-04-18 12:11:50 +02:00
Kconfig
Makefile
uio.c uio: potential double frees if __uio_register_device() fails 2019-07-27 21:51:39 +02:00
uio_aec.c
uio_cif.c
uio_dmem_genirq.c uio: fix dmem_region_start computation 2019-07-27 21:42:50 +02:00
uio_netx.c
uio_pci_generic.c
uio_pdrv.c
uio_pdrv_genirq.c
uio_pruss.c
uio_sercos3.c