The AB8500 debugfs driver allocates memory for a new sysfs entry, but fails to apply the proper post-allocation checks. If the device were to run out of memory, the allocation would return NULL. Without the correct checks the driver will continue to populate NULL->[show|store|...], which would obviously cause a pointer dereference Oops.
Signed-off-by: Lee Jones <[email protected]> --- drivers/mfd/ab8500-debugfs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/mfd/ab8500-debugfs.c b/drivers/mfd/ab8500-debugfs.c index 7d1f1b0..c8298b2 100644 --- a/drivers/mfd/ab8500-debugfs.c +++ b/drivers/mfd/ab8500-debugfs.c @@ -2800,6 +2800,9 @@ static ssize_t ab8500_subscribe_write(struct file *file, */ dev_attr[irq_index] = kmalloc(sizeof(struct device_attribute), GFP_KERNEL); + if (!dev_attr[irq_index]) + return -ENOMEM; + event_name[irq_index] = kmalloc(count, GFP_KERNEL); sprintf(event_name[irq_index], "%lu", user_val); dev_attr[irq_index]->show = show_irq; -- 1.8.1.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
