]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blame - releases/4.14.111/leds-lp55xx-fix-null-deref-on-firmware-load-failure.patch
projects / thirdparty / kernel / stable-queue.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Linux 4.14.111
[thirdparty/kernel/stable-queue.git] / releases / 4.14.111 / leds-lp55xx-fix-null-deref-on-firmware-load-failure.patch
CommitLineData
04fd09d4
SL		 1From 5f13e1609e1623f0fda6b5a68bf0dc72529a89ce Mon Sep 17 00:00:00 2001
2From: Michal Kazior <michal@plume.com>
3Date: Mon, 11 Feb 2019 10:29:27 +0100
4Subject: leds: lp55xx: fix null deref on firmware load failure
5
6[ Upstream commit 5ddb0869bfc1bca6cfc592c74c64a026f936638c ]
7
8I've stumbled upon a kernel crash and the logs
9pointed me towards the lp5562 driver:
10
11> <4>[306013.841294] lp5562 0-0030: Direct firmware load for lp5562 failed with error -2
12> <4>[306013.894990] lp5562 0-0030: Falling back to user helper
13> ...
14> <3>[306073.924886] lp5562 0-0030: firmware request failed
15> <1>[306073.939456] Unable to handle kernel NULL pointer dereference at virtual address 00000000
16> <4>[306074.251011] PC is at _raw_spin_lock+0x1c/0x58
17> <4>[306074.255539] LR is at release_firmware+0x6c/0x138
18> ...
19
20After taking a look I noticed firmware_release()
21could be called with either NULL or a dangling
22pointer.
23
24Fixes: 10c06d178df11 ("leds-lp55xx: support firmware interface")
25Signed-off-by: Michal Kazior <michal@plume.com>
26Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
27Signed-off-by: Sasha Levin <sashal@kernel.org>
28---
29 drivers/leds/leds-lp55xx-common.c | 4 ++--
30 1 file changed, 2 insertions(+), 2 deletions(-)
31
32diff --git a/drivers/leds/leds-lp55xx-common.c b/drivers/leds/leds-lp55xx-common.c
33index 5377f22ff994..e2655953667c 100644
34--- a/drivers/leds/leds-lp55xx-common.c
35+++ b/drivers/leds/leds-lp55xx-common.c
36@@ -201,7 +201,7 @@ static void lp55xx_firmware_loaded(const struct firmware *fw, void *context)
37
38 if (!fw) {
39 dev_err(dev, "firmware request failed\n");
40- goto out;
41+ return;
42 }
43
44 /* handling firmware data is chip dependent */
45@@ -214,9 +214,9 @@ static void lp55xx_firmware_loaded(const struct firmware *fw, void *context)
46
47 mutex_unlock(&chip->lock);
48
49-out:
50 /* firmware should be released for other channel use */
51 release_firmware(chip->fw);
52+ chip->fw = NULL;
53 }
54
55 static int lp55xx_request_firmware(struct lp55xx_chip *chip)
56--
572.19.1
58
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git