]> git.baikalelectronics.ru Git - kernel.git/commitdiff
projects / kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fbe605a)
platform/loongarch: laptop: Fix possible UAF and simplify generic_acpi_laptop_init()
authorYang Yingliang <yangyingliang@huawei.com>
Sat, 29 Oct 2022 08:29:31 +0000 (16:29 +0800)
committerHuacai Chen <chenhuacai@loongson.cn>
Sat, 29 Oct 2022 08:29:31 +0000 (16:29 +0800)
Currently the return value of 'sub_driver->init' is not checked. If
sparse_keymap_setup() called in the init function fails, 'generic_
inputdev' is freed, then it will lead a UAF when using it in generic_
acpi_laptop_init(). Fix it by checking the return value and setting
generic_inputdev to NULL after free, so as to avoid double free it.

The error code in generic_subdriver_init() is always negative, so the
return of generic_subdriver_init() can be simplified.

Fixes: 6246ed09111f ("LoongArch: Add ACPI-based generic laptop driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
drivers/platform/loongarch/loongson-laptop.c patch | blob | history

diff --git a/drivers/platform/loongarch/loongson-laptop.c b/drivers/platform/loongarch/loongson-laptop.c
index 0e6f4efe21e5d22b03bfcfc9f539e78bcc6f9d03..99203584949daa2af9e5013c7a8ed7d64b60bf0f 100644 (file)
--- a/drivers/platform/loongarch/loongson-laptop.c
+++ b/drivers/platform/loongarch/loongson-laptop.c
@@ -448,6 +448,7 @@ static int __init event_init(struct generic_sub_driver *sub_driver)
        if (ret < 0) {
                pr_err("Failed to setup input device keymap\n");
                input_free_device(generic_inputdev);
+               generic_inputdev = NULL;
 
                return ret;
        }
@@ -502,8 +503,11 @@ static int __init generic_subdriver_init(struct generic_sub_driver *sub_driver)
        if (ret)
                return -EINVAL;
 
-       if (sub_driver->init)
-               sub_driver->init(sub_driver);
+       if (sub_driver->init) {
+               ret = sub_driver->init(sub_driver);
+               if (ret)
+                       goto err_out;
+       }
 
        if (sub_driver->notify) {
                ret = setup_acpi_notify(sub_driver);
@@ -519,7 +523,7 @@ static int __init generic_subdriver_init(struct generic_sub_driver *sub_driver)
 
 err_out:
        generic_subdriver_exit(sub_driver);
-       return (ret < 0) ? ret : 0;
+       return ret;
 }
 
 static void generic_subdriver_exit(struct generic_sub_driver *sub_driver)
Linux Kernel Source Tree.