[PATCH v2] power: sequencing: fix an invalid pointer dereference in error path
From: Bartosz Golaszewski
Date: Fri Jul 12 2024 - 15:40:20 EST
From: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
We may end up calling pwrseq_target_free() on a partially initialized
target object whose unit is either NULL or an ERR_PTR(). Avoid
dereferencing invalid memory by adding an appropriate check to
pwrseq_target_free().
Fixes: 249ebf3f65f8 ("power: sequencing: implement the pwrseq core")
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Closes: https://lore.kernel.org/linux-pm/62a3531e-9927-40f8-b587-254a2dfa47ef@stanley.mountain/
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
---
- check for ERR_PTR() in addition to checking for NULL
- only add the check to pwrseq_target_free() as anywhere else unit is
always set and if it's not then it's another bug that needs fixing
drivers/power/sequencing/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/power/sequencing/core.c b/drivers/power/sequencing/core.c
index 9c32b07a55e7..0ffc259c6bb6 100644
--- a/drivers/power/sequencing/core.c
+++ b/drivers/power/sequencing/core.c
@@ -212,7 +212,8 @@ pwrseq_target_new(const struct pwrseq_target_data *data)
static void pwrseq_target_free(struct pwrseq_target *target)
{
- pwrseq_unit_put(target->unit);
+ if (!IS_ERR_OR_NULL(target->unit))
+ pwrseq_unit_put(target->unit);
kfree_const(target->name);
kfree(target);
}
--
2.43.0