From: Chengfeng Ye cyeaa@connect.ust.hk
[ Upstream commit a1ee1c08fcd5af03187dcd41dcab12fd5b379555 ]
cl is freed on error of calling device_register, but this object is return later, which will cause uaf issue. Fix it by return NULL on error.
Signed-off-by: Chengfeng Ye cyeaa@connect.ust.hk Signed-off-by: Sebastian Reichel sebastian.reichel@collabora.com Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/hsi/hsi_core.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/hsi/hsi_core.c b/drivers/hsi/hsi_core.c index ec90713564e32..884066109699c 100644 --- a/drivers/hsi/hsi_core.c +++ b/drivers/hsi/hsi_core.c @@ -102,6 +102,7 @@ struct hsi_client *hsi_new_client(struct hsi_port *port, if (device_register(&cl->device) < 0) { pr_err("hsi: failed to register client: %s\n", info->name); put_device(&cl->device); + goto err; }
return cl;