[PATCH AUTOSEL 5.14 14/40] HID: amd_sfh: Fix potential NULL pointer dereference

[PATCH AUTOSEL 5.14 01/40] ext4: check and update i_disksize properly · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 02/40] ext4: correct the error path of ext4_write_inline_data_end() · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 03/40] ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 04/40] ext4: enforce buffer head state assertion in ext4_da_map_blocks · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 05/40] ALSA: oxfw: fix transmission method for Loud models based on OXFW971 · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 06/40] dt-bindings: interconnect: sdm660: Add missing a2noc qos clocks · Sasha Levin <sashal@kernel.org> · 2021-10-05
Re: [PATCH AUTOSEL 5.14 06/40] dt-bindings: interconnect: sdm660: Add missing a2noc qos clocks · Georgi Djakov <djakov@kernel.org> · 2021-10-05
Re: [PATCH AUTOSEL 5.14 06/40] dt-bindings: interconnect: sdm660: Add missing a2noc qos clocks · Sasha Levin <sashal@kernel.org> · 2021-10-06
[PATCH AUTOSEL 5.14 07/40] interconnect: qcom: sdm660: Add missing a2noc qos clocks · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 08/40] ALSA: usb-audio: Unify mixer resume and reset_resume procedure · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 09/40] netfilter: ipset: Fix oversized kvmalloc() calls · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 11/40] HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 13/40] HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 12/40] netfilter: ip6_tables: zero-initialize fragment offset · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 10/40] HID: betop: fix slab-out-of-bounds Write in betop_probe · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 14/40] HID: amd_sfh: Fix potential NULL pointer dereference · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 15/40] ASoC: SOF: loader: release_firmware() on load failure to avoid batching · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 17/40] netfilter: nf_tables: Fix oversized kvmalloc() calls · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 16/40] KVM: arm64: nvhe: Fix missing FORCE for hyp-reloc.S build rule · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 18/40] netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 19/40] netfilter: nf_nat_masquerade: defer conntrack walk to work queue · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 21/40] mac80211: Drop frames from invalid MAC address in ad-hoc mode · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 22/40] pinctrl: qcom: sc7280: Add PM suspend callbacks · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 24/40] hwmon: (ltc2947) Properly handle errors when looking for the external clock · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 25/40] net: prevent user from passing illegal stab size · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 28/40] net: mdiobus: Fix memory leak in __mdiobus_register · Sasha Levin <sashal@kernel.org> · 2021-10-05
Re: [PATCH AUTOSEL 5.14 28/40] net: mdiobus: Fix memory leak in __mdiobus_register · Andrew Lunn <andrew@lunn.ch> · 2021-10-05
Re: [PATCH AUTOSEL 5.14 28/40] net: mdiobus: Fix memory leak in __mdiobus_register · Sasha Levin <sashal@kernel.org> · 2021-10-06
[PATCH AUTOSEL 5.14 26/40] mac80211: check return value of rhashtable_init · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 27/40] net: bgmac-platform: handle mac-address deferral · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 37/40] perf/core: fix userpage->time_enabled of inactive events · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 36/40] perf/x86: Reset destroy callback on event init failure · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 35/40] scsi: qla2xxx: Fix excessive messages during device logout · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 38/40] sched: Always inline is_percpu_thread() · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 34/40] scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 40/40] hwmon: (pmbus/ibm-cffps) max_power_out swap changes · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 39/40] io_uring: kill fasync · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 33/40] scsi: ses: Fix unsigned comparison with less than zero · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 30/40] vboxfs: fix broken legacy mount signature checking · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 32/40] drm/amdgpu: fix gart.bo pin_count leak · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 31/40] net: sun: SUNVNET_COMMON should depend on INET · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 29/40] nvme: add command id quirk for apple controllers · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 20/40] netfilter: conntrack: serialize hash resizes and cleanups · Sasha Levin <sashal@kernel.org> · 2021-10-05
[PATCH AUTOSEL 5.14 23/40] m68k: Handle arrivals of multiple signals correctly · Sasha Levin <sashal@kernel.org> · 2021-10-05

STALE1727d REVIEWED: 6 (6M)

From: Sasha Levin <sashal@kernel.org>
Date: 2021-10-05 13:51:17
Also in: linux-input, lkml
Subsystem: amd sensor fusion hub driver, hid core layer, the rest · Maintainers: Basavaraj Natikar, Jiri Kosina, Benjamin Tissoires, Linus Torvalds

From: Evgeny Novikov <redacted>

[ Upstream commit d46ef750ed58cbeeba2d9a55c99231c30a172764 ]

devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at
registration that will cause NULL pointer dereference since
corresponding data is not initialized yet. The patch moves
initialization of data before devm_add_action_or_reset().

Found by Linux Driver Verification project (linuxtesting.org).

[jkosina@suse.cz: rebase]
Signed-off-by: Evgeny Novikov <redacted>
Acked-by: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
Signed-off-by: Jiri Kosina <redacted>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
index 8d68796aa905..4069b813c6c3 100644
--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
+++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c

@@ -235,6 +235,10 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i
 		return rc;
 	}
 
+	rc = amd_sfh_hid_client_init(privdata);
+	if (rc)
+		return rc;
+
 	privdata->cl_data = devm_kzalloc(&pdev->dev, sizeof(struct amdtp_cl_data), GFP_KERNEL);
 	if (!privdata->cl_data)
 		return -ENOMEM;

@@ -245,7 +249,7 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i
 
 	mp2_select_ops(privdata);
 
-	return amd_sfh_hid_client_init(privdata);
+	return 0;
 }
 
 static const struct pci_device_id amd_mp2_pci_tbl[] = {

-- 
2.33.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help