From: Martin Peres Date: Wed, 18 Jan 2017 21:49:21 +0000 (+0200) Subject: drm/nouveau/drm/nouveau/led: prevent a possible use-after-free X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ca33fafdc9020720a9773fd416c94fe68aef7220;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git drm/nouveau/drm/nouveau/led: prevent a possible use-after-free If the led class registration fails, we free drm->led but do not reset it to NULL, which means that the suspend/resume/fini function will act as if everything went well in init() and will likely crash the kernel. This patch adds the missing drm->led = NULL. Reported-by: Emmanuel Pescosta Signed-off-by: Martin Peres Signed-off-by: Ben Skeggs --- diff --git a/drivers/gpu/drm/nouveau/nouveau_led.c b/drivers/gpu/drm/nouveau/nouveau_led.c index 72456b1693a4..2c5e0628da12 100644 --- a/drivers/gpu/drm/nouveau/nouveau_led.c +++ b/drivers/gpu/drm/nouveau/nouveau_led.c @@ -102,6 +102,7 @@ nouveau_led_init(struct drm_device *dev) ret = led_classdev_register(dev->dev, &drm->led->led); if (ret) { kfree(drm->led); + drm->led = NULL; return ret; }