Message ID | 20220112234115.11152-2-matthew.ruffell@canonical.com |
---|---|
State | New |
Headers | show |
Series | amd_sfh: Null pointer dereference on early device init causes early panic and fails to boot | expand |
On 13.01.22 00:41, Matthew Ruffell wrote: > From: Basavaraj Natikar <Basavaraj.Natikar@amd.com> > > BugLink: https://bugs.launchpad.net/bugs/1956519 > > The cl_data field of a privdata must be allocated and updated before > using in amd_sfh_hid_client_init() function. > > Hence handling NULL pointer cl_data accordingly. > > Fixes: d46ef750ed58 ("HID: amd_sfh: Fix potential NULL pointer dereference") > Signed-off-by: Basavaraj Natikar <Basavaraj.Natikar@amd.com> > Signed-off-by: Jiri Kosina <jkosina@suse.cz> > (cherry picked from commit 88a04049c08cd62e698bc1b1af2d09574b9e0aee) > Signed-off-by: Matthew Ruffell <matthew.ruffell@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- > drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 12 ++++-------- > 1 file changed, 4 insertions(+), 8 deletions(-) > > diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c > index 7af157b09a52..428f3a02f7db 100644 > --- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c > +++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c > @@ -235,21 +235,17 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i > return rc; > } > > - rc = amd_sfh_hid_client_init(privdata); > - if (rc) > - return rc; > - > privdata->cl_data = devm_kzalloc(&pdev->dev, sizeof(struct amdtp_cl_data), GFP_KERNEL); > if (!privdata->cl_data) > return -ENOMEM; > > - rc = devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, privdata); > + mp2_select_ops(privdata); > + > + rc = amd_sfh_hid_client_init(privdata); > if (rc) > return rc; > > - mp2_select_ops(privdata); > - > - return 0; > + return devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, privdata); > } > > static const struct pci_device_id amd_mp2_pci_tbl[] = { >
Acked-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com> On Wed, Jan 12, 2022 at 3:41 PM Matthew Ruffell < matthew.ruffell@canonical.com> wrote: > From: Basavaraj Natikar <Basavaraj.Natikar@amd.com> > > BugLink: https://bugs.launchpad.net/bugs/1956519 > > The cl_data field of a privdata must be allocated and updated before > using in amd_sfh_hid_client_init() function. > > Hence handling NULL pointer cl_data accordingly. > > Fixes: d46ef750ed58 ("HID: amd_sfh: Fix potential NULL pointer > dereference") > Signed-off-by: Basavaraj Natikar <Basavaraj.Natikar@amd.com> > Signed-off-by: Jiri Kosina <jkosina@suse.cz> > (cherry picked from commit 88a04049c08cd62e698bc1b1af2d09574b9e0aee) > Signed-off-by: Matthew Ruffell <matthew.ruffell@canonical.com> > --- > drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 12 ++++-------- > 1 file changed, 4 insertions(+), 8 deletions(-) > > diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c > b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c > index 7af157b09a52..428f3a02f7db 100644 > --- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c > +++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c > @@ -235,21 +235,17 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, > const struct pci_device_id *i > return rc; > } > > - rc = amd_sfh_hid_client_init(privdata); > - if (rc) > - return rc; > - > privdata->cl_data = devm_kzalloc(&pdev->dev, sizeof(struct > amdtp_cl_data), GFP_KERNEL); > if (!privdata->cl_data) > return -ENOMEM; > > - rc = devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, > privdata); > + mp2_select_ops(privdata); > + > + rc = amd_sfh_hid_client_init(privdata); > if (rc) > return rc; > > - mp2_select_ops(privdata); > - > - return 0; > + return devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, > privdata); > } > > static const struct pci_device_id amd_mp2_pci_tbl[] = { > -- > 2.33.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team >
diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c index 7af157b09a52..428f3a02f7db 100644 --- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c @@ -235,21 +235,17 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i return rc; } - rc = amd_sfh_hid_client_init(privdata); - if (rc) - return rc; - privdata->cl_data = devm_kzalloc(&pdev->dev, sizeof(struct amdtp_cl_data), GFP_KERNEL); if (!privdata->cl_data) return -ENOMEM; - rc = devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, privdata); + mp2_select_ops(privdata); + + rc = amd_sfh_hid_client_init(privdata); if (rc) return rc; - mp2_select_ops(privdata); - - return 0; + return devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, privdata); } static const struct pci_device_id amd_mp2_pci_tbl[] = {