From: Lothar Waßmann <LW@KARO-electronics.de>
Date: Mon, 28 Nov 2011 14:38:37 +0000 (+0100)
Subject: regulator: fix use after free bug
X-Git-Tag: accepted/tizen/common/20141203.182822~5788^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=58fb5cf5d1edb7e306574833ee55d732918c89e3;p=platform%2Fkernel%2Flinux-arm64.git

regulator: fix use after free bug

This is caused by dereferencing 'rdev' after device_unregister() in
the regulator_unregister() function.  'rdev' is freed by
device_unregister(), so it must not be dereferenced after this call.

[Edited commit message for legibility -- broonie]

Signed-off-by: Lothar Waßmann <LW@KARO-electronics.de>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
---

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 669d021..938398f 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -2799,8 +2799,8 @@ void regulator_unregister(struct regulator_dev *rdev)
 	list_del(&rdev->list);
 	if (rdev->supply)
 		regulator_put(rdev->supply);
-	device_unregister(&rdev->dev);
 	kfree(rdev->constraints);
+	device_unregister(&rdev->dev);
 	mutex_unlock(&regulator_list_mutex);
 }
 EXPORT_SYMBOL_GPL(regulator_unregister);