Patch "HID: amd_sfh: Fix potential NULL pointer dereference" has been added to the 5.14-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 1 Oct 2021 10:19:31 -0400

This is a note to let you know that I've just added the patch titled

    HID: amd_sfh: Fix potential NULL pointer dereference

to the 5.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     hid-amd_sfh-fix-potential-null-pointer-dereference.patch
and it can be found in the queue-5.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 28f388a7a15160fe20aee1c1e57b473dcdc8d21c
Author: Evgeny Novikov <novikov@xxxxxxxxx>
Date:   Tue Jun 1 19:38:01 2021 +0300

    HID: amd_sfh: Fix potential NULL pointer dereference
    
    [ Upstream commit d46ef750ed58cbeeba2d9a55c99231c30a172764 ]
    
    devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at
    registration that will cause NULL pointer dereference since
    corresponding data is not initialized yet. The patch moves
    initialization of data before devm_add_action_or_reset().
    
    Found by Linux Driver Verification project (linuxtesting.org).
    
    [jkosina@xxxxxxx: rebase]
    Signed-off-by: Evgeny Novikov <novikov@xxxxxxxxx>
    Acked-by: Basavaraj Natikar <Basavaraj.Natikar@xxxxxxx>
    Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
index 8d68796aa905..4069b813c6c3 100644
--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
+++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
@@ -235,6 +235,10 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i
 		return rc;
 	}
 
+	rc = amd_sfh_hid_client_init(privdata);
+	if (rc)
+		return rc;
+
 	privdata->cl_data = devm_kzalloc(&pdev->dev, sizeof(struct amdtp_cl_data), GFP_KERNEL);
 	if (!privdata->cl_data)
 		return -ENOMEM;
@@ -245,7 +249,7 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i
 
 	mp2_select_ops(privdata);
 
-	return amd_sfh_hid_client_init(privdata);
+	return 0;
 }
 
 static const struct pci_device_id amd_mp2_pci_tbl[] = {






