greybus: power_supply: fix use after free of power supply

Individual power supply were being freed and checked using the wrong
pointers and at the wrong place, which would make several issues, like
used after free and so on.
Fix it by freeing all allocated memory after release individual power
supply.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Reported-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Johan Hovold <johan@hovoldconsulting.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

diff --git a/drivers/staging/greybus/power_supply.c b/drivers/staging/greybus/power_supply.c
index 3c9bb12..d985e13 100644 (file)
--- a/drivers/staging/greybus/power_supply.c
+++ b/drivers/staging/greybus/power_supply.c
@@ -544,13 +544,10 @@ static void _gb_power_supply_free(struct gb_power_supply *gbpsy)
        kfree(gbpsy->manufacturer);
        kfree(gbpsy->props_raw);
        kfree(gbpsy->props);
-       kfree(gbpsy);
 }
 
 static void _gb_power_supply_release(struct gb_power_supply *gbpsy)
 {
-       if (!gbpsy)
-               return;
 
        gbpsy->update_interval = 0;
 
@@ -576,6 +573,7 @@ static void _gb_power_supplies_release(struct gb_power_supplies *supplies)
        mutex_lock(&supplies->supplies_lock);
        for (i = 0; i < supplies->supplies_count; i++)
                _gb_power_supply_release(&supplies->supply[i]);
+       kfree(supplies->supply);
        mutex_unlock(&supplies->supplies_lock);
        kfree(supplies);
 }