From 969f07b445d1c30479f53ce6818e1263043b999a Mon Sep 17 00:00:00 2001
From: Josh Cartwright <joshc@ni.com>
Date: Wed, 17 Feb 2016 16:44:15 -0600
Subject: gpio: use kzalloc to allocate gpio_device

The use of kmalloc() to allocate the gpio_device leaves the contained struct
device object in an unknown state.  Calling dev_set_name() on a struct device
of unknown state can trigger the free() of an invalid pointer, as seen in the
following backtrace (collected by Tony Lindgren):

  kfree
  kobject_set_name_vargs
  dev_set_name
  gpiochip_add_data
  omap_gpio_probe
  platform_drv_probe
  ...

Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reported-by: Michael Welling <mwelling@ieee.org>
Reported-by: Tony Lindgren <tony@atomide.com>
Tested-by: Michael Welling <mwelling@ieee.org>
Tested-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Josh Cartwright <joshc@ni.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
---
 drivers/gpio/gpiolib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'drivers/gpio/gpiolib.c')

diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index d8511cd68e7b..59f0045c5950 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -435,7 +435,7 @@ int gpiochip_add_data(struct gpio_chip *chip, void *data)
 	 * First: allocate and populate the internal stat container, and
 	 * set up the struct device.
 	 */
-	gdev = kmalloc(sizeof(*gdev), GFP_KERNEL);
+	gdev = kzalloc(sizeof(*gdev), GFP_KERNEL);
 	if (!gdev)
 		return -ENOMEM;
 	gdev->dev.bus = &gpio_bus_type;
-- 
cgit v1.2.3-59-g8ed1b