On Tue, Aug 16, 2022 at 10:01:16AM +0100, Sudeep Holla wrote:
commit 689640efc0a2c4e07e6f88affe6d42cd40cc3f85 upstream.
When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails.
Link: https://lore.kernel.org/r/20220701160310.148344-1-sudeep.holla@arm.com Cc: stable@vger.kernel.org # 4.19+ Reported-by: huhai huhai@kylinos.cn Reviewed-by: Jackie Liu liuyun01@kylinos.cn Signed-off-by: Sudeep Holla sudeep.holla@arm.com
drivers/firmware/arm_scpi.c | 61 +++++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 26 deletions(-)
Now queued up, thanks.
greg k-h