This is a note to let you know that I've just added the patch titled HID: amd_sfh: Fix potential NULL pointer dereference to the 5.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: hid-amd_sfh-fix-potential-null-pointer-dereference.patch and it can be found in the queue-5.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 28f388a7a15160fe20aee1c1e57b473dcdc8d21c Author: Evgeny Novikov <novikov@xxxxxxxxx> Date: Tue Jun 1 19:38:01 2021 +0300 HID: amd_sfh: Fix potential NULL pointer dereference [ Upstream commit d46ef750ed58cbeeba2d9a55c99231c30a172764 ] devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at registration that will cause NULL pointer dereference since corresponding data is not initialized yet. The patch moves initialization of data before devm_add_action_or_reset(). Found by Linux Driver Verification project (linuxtesting.org). [jkosina@xxxxxxx: rebase] Signed-off-by: Evgeny Novikov <novikov@xxxxxxxxx> Acked-by: Basavaraj Natikar <Basavaraj.Natikar@xxxxxxx> Signed-off-by: Jiri Kosina <jkosina@xxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c index 8d68796aa905..4069b813c6c3 100644 --- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c @@ -235,6 +235,10 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i return rc; } + rc = amd_sfh_hid_client_init(privdata); + if (rc) + return rc; + privdata->cl_data = devm_kzalloc(&pdev->dev, sizeof(struct amdtp_cl_data), GFP_KERNEL); if (!privdata->cl_data) return -ENOMEM; @@ -245,7 +249,7 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i mp2_select_ops(privdata); - return amd_sfh_hid_client_init(privdata); + return 0; } static const struct pci_device_id amd_mp2_pci_tbl[] = {