[PATCH] gpiolib: fix freeing of descriptors on error
From: Jim Paris
Date: Thu Sep 13 2018 - 12:42:12 EST
When the main loop in linehandle_create() encounters an error, it
fails to free one of the previously-requested GPIO descriptors.
This renders the unfreed GPIO unusable until reboot, and leaves
its label pointing to free'd kernel memory.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: ab3dbcf78f60 ("gpioib: do not free unrequested descriptors")
Signed-off-by: Jim Paris <jim@xxxxxxxx>
---
drivers/gpio/gpiolib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index e8f8a1999393..a57300c1d649 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -571,7 +571,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip)
if (ret)
goto out_free_descs;
lh->descs[i] = desc;
- count = i;
+ count = i + 1;
if (lflags & GPIOHANDLE_REQUEST_ACTIVE_LOW)
set_bit(FLAG_ACTIVE_LOW, &desc->flags);
--
2.18.0