author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2019-08-17 11:55:54 -0400 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2019-08-17 11:55:54 -0400 |
commit | 3920c47acf8d94044fb278f6ab9c29613a715cf7 (patch) | |
tree | 3e2939d48688093a6b381a63c1d766c97946ca38 | |
parent | c547be1be4464d4a6d06ddf259f89635f13a7a7a (diff) | |
download | longterm-queue-4.18-3920c47acf8d94044fb278f6ab9c29613a715cf7.tar.gz |
cpufreq: add fix for already chosen commit
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r-- | queue/cpufreq-pasemi-fix-use-after-free-in-pas_cpufreq_cpu.patch | 69 | ||||
-rw-r--r-- | queue/series | 1 |
2 files changed, 70 insertions, 0 deletions
diff --git a/queue/cpufreq-pasemi-fix-use-after-free-in-pas_cpufreq_cpu.patch b/queue/cpufreq-pasemi-fix-use-after-free-in-pas_cpufreq_cpu.patch
new file mode 100644
index 0000000..67ddc84
--- /dev/null
+++ b/queue/cpufreq-pasemi-fix-use-after-free-in-pas_cpufreq_cpu.patch
@@ -0,0 +1,69 @@
+From e0a12445d1cb186d875410d093a00d215bec6a89 Mon Sep 17 00:00:00 2001
+From: Wen Yang <wen.yang99@zte.com.cn>
+Date: Wed, 17 Jul 2019 11:55:04 +0800
+Subject: [PATCH] cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
+
+commit e0a12445d1cb186d875410d093a00d215bec6a89 upstream.
+
+The cpu variable is still being used in the of_get_property() call
+after the of_node_put() call, which may result in use-after-free.
+
+Fixes: a9acc26b75f6 ("cpufreq/pasemi: fix possible object reference leak")
+Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
+Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+
+diff --git a/drivers/cpufreq/pasemi-cpufreq.c b/drivers/cpufreq/pasemi-cpufreq.c
+index 93f39a1d4c3d..c66f566a854c 100644
+--- a/drivers/cpufreq/pasemi-cpufreq.c
++++ b/drivers/cpufreq/pasemi-cpufreq.c
+@@ -131,10 +131,18 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy)
+ int err = -ENODEV;
+
+ cpu = of_get_cpu_node(policy->cpu, NULL);
++ if (!cpu)
++ goto out;
+
++ max_freqp = of_get_property(cpu, "clock-frequency", NULL);
+ of_node_put(cpu);
+- if (!cpu)
++ if (!max_freqp) {
++ err = -EINVAL;
+ goto out;
++ }
++
++ /* we need the freq in kHz */
++ max_freq = *max_freqp / 1000;
+
+ dn = of_find_compatible_node(NULL, NULL, "1682m-sdc");
+ if (!dn)
+@@ -171,16 +179,6 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy)
+ }
+
+ pr_debug("init cpufreq on CPU %d\n", policy->cpu);
+-
+- max_freqp = of_get_property(cpu, "clock-frequency", NULL);
+- if (!max_freqp) {
+- err = -EINVAL;
+- goto out_unmap_sdcpwr;
+- }
+-
+- /* we need the freq in kHz */
+- max_freq = *max_freqp / 1000;
+-
+ pr_debug("max clock-frequency is at %u kHz\n", max_freq);
+ pr_debug("initializing frequency table\n");
+
+@@ -199,9 +197,6 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy)
+ cpufreq_generic_init(policy, pas_freqs, get_gizmo_latency());
+ return 0;
+
+-out_unmap_sdcpwr:
+- iounmap(sdcpwr_mapbase);
+-
+ out_unmap_sdcasr:
+ iounmap(sdcasr_mapbase);
+ out:
+--
+2.7.4
+
diff --git a/queue/series b/queue/series
index 75ad569..3bf3890 100644
--- a/queue/series
+++ b/queue/series
@@ -61,6 +61,7 @@ s390-cio-fix-cio_irb-declaration.patch
 selftests-cgroup-fix-cleanup-path-in-test_memcg_subt.patch
 cpufreq-ppc_cbe-fix-possible-object-reference-leak.patch
 cpufreq-pasemi-fix-possible-object-reference-leak.patch
+cpufreq-pasemi-fix-use-after-free-in-pas_cpufreq_cpu.patch
 cpufreq-pmac32-fix-possible-object-reference-leak.patch
 cpufreq-kirkwood-fix-possible-object-reference-leak.patch
 block-sed-opal-fix-IOC_OPAL_ENABLE_DISABLE_MBR.patch |
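Review bot: In the queued patch's first hunk for drivers/cpufreq/pasemi-cpufreq.c, `max_freq = *max_freqp / 1000;` still executes after `of_node_put(cpu);`, and of_get_property() returns a pointer into the node's own property data rather than a copy, so the read is only safe if something else keeps that node alive. Reading the value before the reference is dropped would close the window entirely: keep `of_node_put(cpu);` until after the `max_freq` assignment and also call it on the `!max_freqp` error path. The length argument to of_get_property() is NULL, so the property size is not checked before the 32-bit read; `of_property_read_u32()` would cover that, provided `max_freq` is a u32, which the declarations outside the hunk would have to confirm. Since this file is a verbatim backport of upstream e0a12445d1cb, the change would need to land upstream first and be queued as a follow-up. pas_cpufreq_cpu_init() begins and ends outside the hunks shown.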