Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3552992pxb;
        Mon, 24 Jan 2022 12:04:27 -0800 (PST)
X-Google-Smtp-Source: ABdhPJySoWlsaAjvy4WejA1Y2ULqDO4xfgDZEkrH0lBUKkQik1xTN3ig8IXWEe0N1t2CmepB5Xfp
X-Received: by 2002:a63:68c3:: with SMTP id d186mr13007098pgc.306.1643054666857;
        Mon, 24 Jan 2022 12:04:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1643054666; cv=none;
        d=google.com; s=arc-20160816;
        b=exd793c+3ElMh9uN3yAyI6YrU8d2EFZcWVyPllxyx+X5t488GSIJ0cZxThCzjrEK8V
         cmzBCuCzAz0fhz08Okgrlh2SXwOgr6b1irEHKORWcen5nARo1a/IbbaJ2/4lfE/PYbSV
         kILn4I+HqO/Kd5OX8q6CY+bAD2zB9ajAC/YzxV0MdDEcEYEBrIAw0ho99rd/Dck+CNVq
         tchWMBsL/KvPTgdP5kA1TBpPVgpt37hE5340BPvAZinU24mwkyxwHSLYXu4jmP/wcZyr
         mPRHB/X63mNQ46BapfJ0J9AsXD8GHoXeWvz2zXqW4gH/7carz9rHoF7t6CteXitKqylS
         zrVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=PloFj5FGO7CFuRlT4PTy2rLbcz/pzQDacbjzJLgifNQ=;
        b=m5yfDW2GsdSo/X9g75DSh7dmzSl6HnLqnltmFx+smglm/ncgbJjFplC1z6Gf3Hcp9O
         Z4wEFsmN4aVpvpaGqyUVb38NBXRQ6T+5JTi4WmB5oYLouKM5yKgdL6BuCRZOCT31QpWn
         0Qsv/GeV7R5FfQ2IzXBNHRBkESXdxuvHVSXUF+swOaF/B+OHFzHkWUylsMFMxEqwbkix
         3XnNf/1dRIL4gsxhZpEutILyaH7h5ETHrmg+AeYZPjJS/Gn/32vlIWGuP5pcHB0I8g7/
         6/4IntQ7PegMsHB0jofO7CqE7hTLQORdmud31zqR/N25rztMPC3ysb4stFEuAjgFor2C
         FNEQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=xHKf48ny;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id m16si7049933pgu.404.2022.01.24.12.04.14;
        Mon, 24 Jan 2022 12:04:26 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=xHKf48ny;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1344867AbiAXTEX (ORCPT <rfc822;troverman@gmail.com> + 99 others);
        Mon, 24 Jan 2022 14:04:23 -0500
Received: from ams.source.kernel.org ([145.40.68.75]:57298 "EHLO
        ams.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1345206AbiAXS74 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 24 Jan 2022 13:59:56 -0500
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id B707CB8121C;
        Mon, 24 Jan 2022 18:59:55 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id D6AE1C340E5;
        Mon, 24 Jan 2022 18:59:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1643050794;
        bh=8+gCBx0g7+QE7u/fTFVaw7lf8xg7PIrSLStF9YpUgcY=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=xHKf48nyTKpw/plnmYAT6zNUOJeROWaddZQmsn9VnES2b0+MxEUWPIP2cpdIZlNfT
         87wRhOtXh9bPkysGf7MUV0TGlP0bP8Oqk0WjAhi1TmVjSbQqK/HyLh3MXH3GS80ow+
         pcT+y6y0Ga2knJ0ErF6xyoWvaWtBvLGnDpKRho54=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Chengfeng Ye <cyeaa@connect.ust.hk>,
        Sebastian Reichel <sebastian.reichel@collabora.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 081/157] HSI: core: Fix return freed object in hsi_new_client
Date:   Mon, 24 Jan 2022 19:42:51 +0100
Message-Id: <20220124183935.354484686@linuxfoundation.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220124183932.787526760@linuxfoundation.org>
References: <20220124183932.787526760@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Chengfeng Ye <cyeaa@connect.ust.hk>

[ Upstream commit a1ee1c08fcd5af03187dcd41dcab12fd5b379555 ]

cl is freed on error of calling device_register, but this
object is return later, which will cause uaf issue. Fix it
by return NULL on error.

Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hsi/hsi_core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/hsi/hsi_core.c b/drivers/hsi/hsi_core.c
index e9d63b966caff..4a9fd745b8cb4 100644
--- a/drivers/hsi/hsi_core.c
+++ b/drivers/hsi/hsi_core.c
@@ -115,6 +115,7 @@ struct hsi_client *hsi_new_client(struct hsi_port *port,
 	if (device_register(&cl->device) < 0) {
 		pr_err("hsi: failed to register client: %s\n", info->name);
 		put_device(&cl->device);
+		goto err;
 	}
 
 	return cl;
-- 
2.34.1