hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB8UN5
--------------------------------
Commit aa1e2bfdc899 attempt to fix a CVE problem, but the patch conflicted with current version. When the patch is adapted, an error is introduced in the function of gpiochip_add_data_with_key. After the gdev is released, the gdev is still accessed, resulting in use-after-free.
The value of gdev->ngpio is assigned from gc->ngpio and is not changed during the processing of function. Therefore, this patch changes gdev->ngpio to gc->ngpio to solve the above use-after-free problem.
Fixes: aa1e2bfdc899 ("gpiolib: fix memory leak in gpiochip_setup_dev()") Signed-off-by: He Yujie coka.heyujie@huawei.com --- drivers/gpio/gpiolib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index ae000b513bc1..9e717cf180d4 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -795,7 +795,7 @@ int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data, err_print_message: /* failures here can mean systems won't boot... */ pr_err("%s: GPIOs %d..%d (%s) failed to register, %d\n", __func__, - base, base + gdev->ngpio - 1, + base, base + (int)gc->ngpio - 1, gc->label ? : "generic", ret); return ret; }