projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 443828f)
drm/nouveau/drm/nouveau/led: prevent a possible use-after-free
authorMartin Peres <martin.peres@free.fr>
Wed, 18 Jan 2017 21:49:21 +0000 (23:49 +0200)
committerBen Skeggs <bskeggs@redhat.com>
Fri, 17 Feb 2017 07:38:07 +0000 (17:38 +1000)
If the led class registration fails, we free drm->led but do not reset
it to NULL, which means that the suspend/resume/fini function will act
as if everything went well in init() and will likely crash the kernel.

This patch adds the missing drm->led = NULL.

Reported-by: Emmanuel Pescosta <emmanuelpescosta099@gmail.com>
Signed-off-by: Martin Peres <martin.peres@free.fr>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
drivers/gpu/drm/nouveau/nouveau_led.c patch | blob | history

diff --git a/drivers/gpu/drm/nouveau/nouveau_led.c b/drivers/gpu/drm/nouveau/nouveau_led.c
index 72456b1693a4e9a4c9879d551bfb0a59938bf69d..2c5e0628da12f783c6e8a29245123edf5479deed 100644 (file)
--- a/drivers/gpu/drm/nouveau/nouveau_led.c
+++ b/drivers/gpu/drm/nouveau/nouveau_led.c
@@ -102,6 +102,7 @@ nouveau_led_init(struct drm_device *dev)
        ret = led_classdev_register(dev->dev, &drm->led->led);
        if (ret) {
                kfree(drm->led);
+               drm->led = NULL;
                return ret;
        }
 
John Crispins staging tree