On Tue, Aug 16, 2022 at 10:01:16AM +0100, Sudeep Holla wrote: > commit 689640efc0a2c4e07e6f88affe6d42cd40cc3f85 upstream. > > When scpi probe fails, at any point, we need to ensure that the scpi_info > is not set and will remain NULL until the probe succeeds. If it is not > taken care, then it could result use-after-free as the value is exported > via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() > but freed when the probe fails. > > Link: https://lore.kernel.org/r/20220701160310.148344-1-sudeep.holla@xxxxxxx > Cc: stable@xxxxxxxxxxxxxxx # 4.19+ > Reported-by: huhai <huhai@xxxxxxxxxx> > Reviewed-by: Jackie Liu <liuyun01@xxxxxxxxxx> > Signed-off-by: Sudeep Holla <sudeep.holla@xxxxxxx> > --- > drivers/firmware/arm_scpi.c | 61 +++++++++++++++++++++---------------- > 1 file changed, 35 insertions(+), 26 deletions(-) Now queued up, thanks. greg k-h
