[PATCH] AMD_SFH: Fix potential NULL pointer dereference

From: Evgeny Novikov
Date: Tue Jun 01 2021 - 12:38:09 EST

Next message: Joe Perches: "[PATCH] MAINTAINERS: nfc mailing lists are subscribers-only"
Previous message: Lai Jiangshan: "[RFC PATCH 4/4] x86/entry/nmi: unmask NMIs on userspace NMI when entry debugging"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at
registration that will cause NULL pointer dereference since
corresponding data is not initialized yet. The patch moves
initialization of data before devm_add_action_or_reset().

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Evgeny Novikov <novikov@xxxxxxxxx>
---
drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
index ddecc84fd6f0..8394565c4d01 100644
--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
+++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
@@ -160,11 +160,16 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i
rc = pci_set_dma_mask(pdev, DMA_BIT_MASK(32));
return rc;
}
+
+ rc = amd_sfh_hid_client_init(privdata);
+ if (rc)
+ return rc;
+
rc = devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, privdata);
if (rc)
return rc;

- return amd_sfh_hid_client_init(privdata);
+ return 0;
}

static const struct pci_device_id amd_mp2_pci_tbl[] = {
--
2.26.2

Next message: Joe Perches: "[PATCH] MAINTAINERS: nfc mailing lists are subscribers-only"
Previous message: Lai Jiangshan: "[RFC PATCH 4/4] x86/entry/nmi: unmask NMIs on userspace NMI when entry debugging"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]