5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexey Khoroshilov khoroshilov@ispras.ru
[ Upstream commit fbfd614aeaa2853c2c575299dfe2458db8eff67e ]
If cpg_mssr_common_init() fails after assigning priv to global variable cpg_mssr_priv, it deallocates priv, but cpg_mssr_priv keeps dangling pointer that potentially can be used later.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 1f7db7bbf031 ("clk: renesas: cpg-mssr: Add early clock support") Signed-off-by: Alexey Khoroshilov khoroshilov@ispras.ru Reviewed-by: Geert Uytterhoeven geert+renesas@glider.be Link: https://lore.kernel.org/r/1671806417-32623-1-git-send-email-khoroshilov@ispr... Signed-off-by: Geert Uytterhoeven geert+renesas@glider.be Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/clk/renesas/renesas-cpg-mssr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/clk/renesas/renesas-cpg-mssr.c b/drivers/clk/renesas/renesas-cpg-mssr.c index 21f762aa21313..ed67b90fc1b0c 100644 --- a/drivers/clk/renesas/renesas-cpg-mssr.c +++ b/drivers/clk/renesas/renesas-cpg-mssr.c @@ -957,7 +957,6 @@ static int __init cpg_mssr_common_init(struct device *dev, goto out_err; }
- cpg_mssr_priv = priv; priv->num_core_clks = info->num_total_core_clks; priv->num_mod_clks = info->num_hw_mod_clks; priv->last_dt_core_clk = info->last_dt_core_clk; @@ -987,6 +986,8 @@ static int __init cpg_mssr_common_init(struct device *dev, if (error) goto out_err;
+ cpg_mssr_priv = priv; + return 0;
out_err: