devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at
registration that will cause NULL pointer dereference since
corresponding data is not initialized yet. The patch moves
initialization of data before devm_add_action_or_reset().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Evgeny Novikov <[email protected]>
---
drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
index ddecc84fd6f0..8394565c4d01 100644
--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
+++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
@@ -160,11 +160,16 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i
rc = pci_set_dma_mask(pdev, DMA_BIT_MASK(32));
return rc;
}
+
+ rc = amd_sfh_hid_client_init(privdata);
+ if (rc)
+ return rc;
+
rc = devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, privdata);
if (rc)
return rc;
- return amd_sfh_hid_client_init(privdata);
+ return 0;
}
static const struct pci_device_id amd_mp2_pci_tbl[] = {
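Review bot: The new early exit `if (rc) return rc;` after amd_sfh_hid_client_init() leaves probe before amd_mp2_pci_remove() has been registered, so that teardown no longer runs when client init fails, whereas with the old trailing `return amd_sfh_hid_client_init(privdata);` the action was already registered at that point. Please confirm that amd_sfh_hid_client_init() unwinds its own partial setup on error, or call the teardown explicitly on that path. The commit message would also be easier to verify if it named which data amd_mp2_pci_remove() dereferences.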
--
2.26.2
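The ordering problem described in the commit message above, as an added userspace model (not code from the patch or the driver). It relies on the devm_add_action_or_reset() contract that a failed registration calls the action immediately. Every `model_*` name, the `fail_add` switch and the `state` field are assumptions made for illustration.

```c
#include <stdio.h>

/* Userspace model only: every model_* name is hypothetical, not a kernel symbol. */
typedef void (*action_fn)(void *);
struct model_dev  { int fail_add; };                  /* 1 = registration fails */
struct model_priv { int storage; int *state; int saw_null; };

/* The "or_reset" contract: on failure the action runs at once, then the error returns. */
static int model_add_action_or_reset(struct model_dev *d, action_fn fn, void *data)
{
    if (!d->fail_add)
        return 0;   /* registered; the action would run at driver detach */
    fn(data);
    return -12;     /* stands in for -ENOMEM */
}

static int model_client_init(struct model_priv *p)
{
    p->state = &p->storage;
    return 0;
}

static void model_remove(void *data)
{
    struct model_priv *p = data;
    if (!p->state) { p->saw_null = 1; return; }   /* real code would dereference NULL */
    *p->state = 0;
}

/* Returns 1 if teardown ran against uninitialised data when registration fails. */
static int remove_saw_null(int init_first)
{
    struct model_dev d = { .fail_add = 1 };
    struct model_priv p = { 0 };
    if (init_first) {                 /* order after the patch */
        if (model_client_init(&p) == 0)
            model_add_action_or_reset(&d, model_remove, &p);
    } else {                          /* order before the patch */
        if (model_add_action_or_reset(&d, model_remove, &p) == 0)
            model_client_init(&p);
    }
    return p.saw_null;
}

int main(void)
{
    printf("register first: %d\ninit first: %d\n", remove_saw_null(0), remove_saw_null(1));
    return 0;
}
```

The model records the NULL case in `saw_null` instead of crashing so that both orderings can be compared in one run.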
On Tue, 1 Jun 2021, Evgeny Novikov wrote:
> devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at
> registration that will cause NULL pointer dereference since
> corresponding data is not initialized yet. The patch moves
> initialization of data before devm_add_action_or_reset().
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Evgeny Novikov <[email protected]>
Nehal, Basavaraj, could you please Review/Ack this one?
Thanks,
--
Jiri Kosina
SUSE Labs
Adding Basavaraj
-----Original Message-----
From: Jiri Kosina <[email protected]>
Sent: Wednesday, September 15, 2021 8:28 PM
To: Evgeny Novikov <[email protected]>
Cc: Shah, Nehal-bakulchandra <[email protected]>; Sandeep Singh <[email protected]>; Benjamin Tissoires <[email protected]>; [email protected]; [email protected]; [email protected]
Subject: Re: [PATCH] AMD_SFH: Fix potential NULL pointer dereference
On Tue, 1 Jun 2021, Evgeny Novikov wrote:
> devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at
> registration that will cause NULL pointer dereference since
> corresponding data is not initialized yet. The patch moves
> initialization of data before devm_add_action_or_reset().
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Evgeny Novikov <[email protected]>
Nehal, Basavaraj, could you please Review/Ack this one?
Thanks,
--
Jiri Kosina
SUSE Labs
On 9/15/2021 11:02 PM, Shah, Nehal-bakulchandra wrote:
> Adding Basavaraj
>
> -----Original Message-----
> From: Jiri Kosina <[email protected]>
> Sent: Wednesday, September 15, 2021 8:28 PM
> To: Evgeny Novikov <[email protected]>
> Cc: Shah, Nehal-bakulchandra <[email protected]>; Sandeep Singh <[email protected]>; Benjamin Tissoires <[email protected]>; [email protected]; [email protected]; [email protected]
> Subject: Re: [PATCH] AMD_SFH: Fix potential NULL pointer dereference
>
> On Tue, 1 Jun 2021, Evgeny Novikov wrote:
>
>> devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at
>> registration that will cause NULL pointer dereference since
>> corresponding data is not initialized yet. The patch moves
>> initialization of data before devm_add_action_or_reset().
>>
>> Found by Linux Driver Verification project (linuxtesting.org).
>>
>> Signed-off-by: Evgeny Novikov <[email protected]>
> Nehal, Basavaraj, could you please Review/Ack this one?
>
Patch looks good to me.

Acked-by: Basavaraj Natikar <[email protected]>
On Tue, 1 Jun 2021, Evgeny Novikov wrote:
> devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at
> registration that will cause NULL pointer dereference since
> corresponding data is not initialized yet. The patch moves
> initialization of data before devm_add_action_or_reset().
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Evgeny Novikov <[email protected]>
Applied, thank you.
--
Jiri Kosina
SUSE Labs