From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Evgeny Novikov <novikov@ispras.ru>,
Basavaraj Natikar <Basavaraj.Natikar@amd.com>,
Jiri Kosina <jkosina@suse.cz>, Sasha Levin <sashal@kernel.org>,
nehal-bakulchandra.shah@amd.com, basavaraj.natikar@amd.com,
jikos@kernel.org, benjamin.tissoires@redhat.com,
linux-input@vger.kernel.org
Subject: [PATCH AUTOSEL 5.14 14/40] HID: amd_sfh: Fix potential NULL pointer dereference
Date: Tue, 5 Oct 2021 09:49:53 -0400 [thread overview]
Message-ID: <20211005135020.214291-14-sashal@kernel.org> (raw)
In-Reply-To: <20211005135020.214291-1-sashal@kernel.org>
From: Evgeny Novikov <novikov@ispras.ru>
[ Upstream commit d46ef750ed58cbeeba2d9a55c99231c30a172764 ]
devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at
registration that will cause NULL pointer dereference since
corresponding data is not initialized yet. The patch moves
initialization of data before devm_add_action_or_reset().
Found by Linux Driver Verification project (linuxtesting.org).
[jkosina@suse.cz: rebase]
Signed-off-by: Evgeny Novikov <novikov@ispras.ru>
Acked-by: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
index 8d68796aa905..4069b813c6c3 100644
--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
+++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
@@ -235,6 +235,10 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i
return rc;
}
+ rc = amd_sfh_hid_client_init(privdata);
+ if (rc)
+ return rc;
+
privdata->cl_data = devm_kzalloc(&pdev->dev, sizeof(struct amdtp_cl_data), GFP_KERNEL);
if (!privdata->cl_data)
return -ENOMEM;
@@ -245,7 +249,7 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i
mp2_select_ops(privdata);
- return amd_sfh_hid_client_init(privdata);
+ return 0;
}
static const struct pci_device_id amd_mp2_pci_tbl[] = {
--
2.33.0
prev parent reply other threads:[~2021-10-05 13:51 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20211005135020.214291-1-sashal@kernel.org>
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 10/40] HID: betop: fix slab-out-of-bounds Write in betop_probe Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 11/40] HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 13/40] HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs Sasha Levin
2021-10-05 13:49 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211005135020.214291-14-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=Basavaraj.Natikar@amd.com \
--cc=benjamin.tissoires@redhat.com \
--cc=jikos@kernel.org \
--cc=jkosina@suse.cz \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nehal-bakulchandra.shah@amd.com \
--cc=novikov@ispras.ru \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).