Martin Peres
2017-Jan-18 21:49 UTC
[Nouveau] [PATCH] drm/nouveau/led: prevent a possible use-after-free
If the led class registration fails, we free drm->led but do not reset it to NULL, which means that the suspend/resume/fini function will act as if everything went well in init() and will likely crash the kernel. This patch adds the missing drm->led = NULL. Reported-by: Emmanuel Pescosta <emmanuelpescosta099 at gmail.com> Signed-off-by: Martin Peres <martin.peres at free.fr> --- Ben, I do not have a 4.10 kernel available to at least test-compile the patch. Could you make sure it works before applying it? After all the trouble we got from the LED before, I don't want to add another one! drm/nouveau/nouveau_led.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drm/nouveau/nouveau_led.c b/drm/nouveau/nouveau_led.c index 72456b16..2c5e0628 100644 --- a/drm/nouveau/nouveau_led.c +++ b/drm/nouveau/nouveau_led.c @@ -102,6 +102,7 @@ nouveau_led_init(struct drm_device *dev) ret = led_classdev_register(dev->dev, &drm->led->led); if (ret) { kfree(drm->led); + drm->led = NULL; return ret; } -- 2.11.0
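Review bot: In the `led_classdev_register()` failure branch of `nouveau_led_init()`, the added `drm->led = NULL;` only closes the use-after-free if the suspend/resume/fini paths named in the commit message test `drm->led` for NULL before touching it. Those functions are outside this hunk, so confirm that each one returns early on a NULL `drm->led`, and say so in the commit message. The message also has no Fixes: tag pointing at the commit that introduced the LED code; adding one would make it easier to backport, given that the described failure is a kernel crash. Since the author notes the patch was not test-compiled, it needs a build against the target tree before it is applied.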