| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Oct 2021 14:31:50 +0800
From: Yang Yingliang <yangyingliang@...wei.com>
To: <linux-kernel@...r.kernel.org>, <linux-pm@...r.kernel.org>
CC: <sre@...nel.org>, <iskren.chernev@...il.com>
Subject: [PATCH] power: supply: max17040: fix null-ptr-deref in max17040_probe()
Add check the return value of devm_regmap_init_i2c(), otherwise
later access may cause null-ptr-deref as follows:
KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367]
RIP: 0010:regmap_read+0x33/0x170
Call Trace:
max17040_probe+0x61b/0xff0 [max17040_battery]
? write_comp_data+0x2a/0x90
? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
? tracer_hardirqs_on+0x33/0x520
? __sanitizer_cov_trace_pc+0x1d/0x50
? _raw_spin_unlock_irqrestore+0x4b/0x60
? trace_hardirqs_on+0x63/0x2d0
? write_comp_data+0x2a/0x90
? __sanitizer_cov_trace_pc+0x1d/0x50
? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
i2c_device_probe+0xa31/0xbe0
Fixes: 6455a8a84bdf ("power: supply: max17040: Use regmap i2c")
Reported-by: Hulk Robot <hulkci@...wei.com>
Signed-off-by: Yang Yingliang <yangyingliang@...wei.com>
---
drivers/power/supply/max17040_battery.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/power/supply/max17040_battery.c b/drivers/power/supply/max17040_battery.c
index 3cea92e28dc3..a9aef1e8b186 100644
--- a/drivers/power/supply/max17040_battery.c
+++ b/drivers/power/supply/max17040_battery.c
@@ -449,6 +449,8 @@ static int max17040_probe(struct i2c_client *client,
chip->client = client;
chip->regmap = devm_regmap_init_i2c(client, &max17040_regmap);
+ if (IS_ERR(chip->regmap))
+ return PTR_ERR(chip->regmap);
chip_id = (enum chip_id) id->driver_data;
if (client->dev.of_node) {
ret = max17040_get_of_data(chip);
--
2.25.1
Powered by blists - more mailing lists