diff options
author | Josh Cartwright <joshc@ni.com> | 2016-02-17 16:44:15 -0600 |
---|---|---|
committer | Linus Walleij <linus.walleij@linaro.org> | 2016-02-18 20:45:25 +0100 |
commit | 969f07b445d1c30479f53ce6818e1263043b999a (patch) | |
tree | 0093989a761093fb02a7fef7b3e6b9e131186c70 /drivers/gpio/gpiolib.c | |
parent | aaf2b3afb93102411412f9dad8d84b13fc7f7edb (diff) | |
download | lwn-969f07b445d1c30479f53ce6818e1263043b999a.tar.gz lwn-969f07b445d1c30479f53ce6818e1263043b999a.zip |
gpio: use kzalloc to allocate gpio_device
The use of kmalloc() to allocate the gpio_device leaves the contained struct
device object in an unknown state. Calling dev_set_name() on a struct device
of unknown state can trigger the free() of an invalid pointer, as seen in the
following backtrace (collected by Tony Lindgren):
kfree
kobject_set_name_vargs
dev_set_name
gpiochip_add_data
omap_gpio_probe
platform_drv_probe
...
Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reported-by: Michael Welling <mwelling@ieee.org>
Reported-by: Tony Lindgren <tony@atomide.com>
Tested-by: Michael Welling <mwelling@ieee.org>
Tested-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Josh Cartwright <joshc@ni.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Diffstat (limited to 'drivers/gpio/gpiolib.c')
-rw-r--r-- | drivers/gpio/gpiolib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index d8511cd68e7b..59f0045c5950 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -435,7 +435,7 @@ int gpiochip_add_data(struct gpio_chip *chip, void *data) * First: allocate and populate the internal stat container, and * set up the struct device. */ - gdev = kmalloc(sizeof(*gdev), GFP_KERNEL); + gdev = kzalloc(sizeof(*gdev), GFP_KERNEL); if (!gdev) return -ENOMEM; gdev->dev.bus = &gpio_bus_type; |