mfd: core: Fix double-free in mfd_remove_devices_fn()
The pdev.mfd_cell is released by platform_device_release(), which is
invoked by platform_device_unregister(). Hence mfd_remove_devices_fn()
shouldn't release the cell variable. The double-free bug is reported by KASAN
during MFD driver module removal.

Fixes: 466a62d ("mfd: core: Make a best effort attempt to match devices with the correct of_nodes")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Dmitry Osipenko authored and Lee Jones committed Aug 24, 2020
1 parent 9123e3a commit 6b6cf2b
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions drivers/mfd/mfd-core.c
Expand Up @@ -370,8 +370,6 @@ static int mfd_remove_devices_fn(struct device *dev, void *data)
regulator_bulk_unregister_supply_alias(dev, cell->parent_supplies,
cell->num_parent_supplies);

kfree(cell);

platform_device_unregister(pdev);
return 0;
}
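
Review bot: With kfree(cell) dropped just ahead of platform_device_unregister(pdev), nothing left in mfd_remove_devices_fn() says who owns cell, so the same double free is easy to reintroduce in a later cleanup. Consider a one-line comment above the unregister call stating that the cell is released by platform_device_release(), as the commit message explains, and that cell must not be dereferenced after that call. The remaining order, where regulator_bulk_unregister_supply_alias() reads cell->parent_supplies and cell->num_parent_supplies before the unregister, is the safe one and should be kept.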