[CVE-2014-9940][PATCH Trusty] regulator: core: Fix regulator_ena_gpio_free not to access pin after freeing

Po-Hsu Lin po-hsu.lin at canonical.com
Thu Jun 8 06:29:43 UTC 2017


From: Seung-Woo Kim <sw0312.kim at samsung.com>

CVE-2014-9940

After freeing the pin in regulator_ena_gpio_free, the loop can access
the pin. So this patch fixes it not to access the pin after freeing.

Signed-off-by: Seung-Woo Kim <sw0312.kim at samsung.com>
Signed-off-by: Mark Brown <broonie at kernel.org>
(cherry picked from commit 60a2362f769cf549dc466134efe71c8bf9fbaaba)

Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
---
 drivers/regulator/core.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index d1db4fb..2d396dc 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1702,6 +1702,8 @@ static void regulator_ena_gpio_free(struct regulator_dev *rdev)
 				gpio_free(pin->gpio);
 				list_del(&pin->list);
 				kfree(pin);
+				rdev->ena_pin = NULL;
+				return;
 			} else {
 				pin->request_count--;
 			}
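Review bot: The `else` branch at the end of this hunk still only does `pin->request_count--;`, so on the shared-pin path `rdev->ena_pin` keeps pointing at a pin this rdev no longer holds a reference to, and the loop keeps iterating. The added `rdev->ena_pin = NULL; return;` covers only the branch that calls `kfree(pin)`. Consider clearing `rdev->ena_pin` and leaving the loop in the decrement branch as well, so a later call for the same rdev cannot decrement the count a second time or dereference the pin after another holder has freed it. Also confirm that nothing after the loop (cleanup, unlock) is skipped by the early `return`; if there is, `break` would be the safer exit. The commit message would be clearer if it named the access being avoided, for example the next loop iteration or a later use of `rdev->ena_pin`.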
-- 
1.7.9.5
