Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6e223e40 authored by David Collins's avatar David Collins
Browse files

regulator: core: correct double remove in rdev_deinit_debugfs 



The current ordering of statements in the rdev_deinit_debugfs()
function causes freed memory to be dereferenced.  This occurs
because the regulator_put(rdev->debug_consumer) call results in
debugfs_remove_recursive() being called on
rdev->debug_consumer->debugfs after it was previously removed
by the debugfs_remove_recursive() call to the parent dentry
rdev->debugfs.

Correct this by setting rdev->debug_consumer->debugfs to NULL
after calling debugfs_remove_recursive() for the parent directory
rdev->debugfs.  This ensures that the regulator_put() call does
not try to remove the already removed subdirectory and also that
the debugfs callbacks which make use of rdev->debug_consumer are
removed before rdev->debug_consumer is freed in the regulator_put()
call.

Change-Id: Icb7da7949e401f64cf9e71c732cb40e43ddbdc01
Signed-off-by: default avatarDavid Collins <collinsd@codeaurora.org>
parent 72ee5cb1

drivers/regulator/core.c

+1 −0
Original line number Diff line number Diff line
@@ -3948,6 +3948,7 @@ static void rdev_deinit_debugfs(struct regulator_dev *rdev) 
{

	if (!IS_ERR_OR_NULL(rdev)) {

		debugfs_remove_recursive(rdev->debugfs);

		rdev->debug_consumer->debugfs = NULL;

		regulator_put(rdev->debug_consumer);

	}

}