On Saturday 25 April 2009, Paul Walmsley wrote: > > During regulator registration, any error after device_register() will > cause a double-free on the struct regulator_dev 'rdev'. The bug is in > drivers/regulator/core.c:regulator_register(): > > ... > scrub: > device_unregister(&rdev->dev); > clean: > kfree(rdev); <--- > rdev = ERR_PTR(ret); > goto out; > ... > > device_unregister() calls regulator_dev_release() which frees rdev. The > subsequent kfree corrupts memory and causes some OMAP3 systems to oops on > boot in regulator_get(). > > Applies against 2.6.30-rc3. > > Signed-off-by: Paul Walmsley <paul@xxxxxxxxx> This looks like it would address the oopsing I mentioned a while back, since affects cleanup paths after errors during driver probe(). > --- > drivers/regulator/core.c | 4 ++++ > 1 files changed, 4 insertions(+), 0 deletions(-) > > diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c > index 01f7702..fabd2e0 100644 > --- a/drivers/regulator/core.c > +++ b/drivers/regulator/core.c > @@ -2080,6 +2080,10 @@ out: > > scrub: > device_unregister(&rdev->dev); > + /* device core frees rdev */ > + rdev = ERR_PTR(ret); > + goto out; > + > clean: > kfree(rdev); > rdev = ERR_PTR(ret); > -- > 1.6.3.rc1.51.gea0b7 > > -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
