[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20211115165450.026945817@linuxfoundation.org>
Date: Mon, 15 Nov 2021 18:02:01 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Hulk Robot <hulkci@...wei.com>,
Yang Yingliang <yangyingliang@...wei.com>,
Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>,
Sebastian Reichel <sebastian.reichel@...labora.com>,
Sasha Levin <sashal@...nel.org>
Subject: [PATCH 5.15 626/917] power: supply: max17040: fix null-ptr-deref in max17040_probe()
From: Yang Yingliang <yangyingliang@...wei.com>
[ Upstream commit 1d422ecfc48ee683ae1ccc9217764f6310c0ffce ]
Add check the return value of devm_regmap_init_i2c(), otherwise
later access may cause null-ptr-deref as follows:
KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367]
RIP: 0010:regmap_read+0x33/0x170
Call Trace:
max17040_probe+0x61b/0xff0 [max17040_battery]
? write_comp_data+0x2a/0x90
? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
? tracer_hardirqs_on+0x33/0x520
? __sanitizer_cov_trace_pc+0x1d/0x50
? _raw_spin_unlock_irqrestore+0x4b/0x60
? trace_hardirqs_on+0x63/0x2d0
? write_comp_data+0x2a/0x90
? __sanitizer_cov_trace_pc+0x1d/0x50
? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
i2c_device_probe+0xa31/0xbe0
Fixes: 6455a8a84bdf ("power: supply: max17040: Use regmap i2c")
Reported-by: Hulk Robot <hulkci@...wei.com>
Signed-off-by: Yang Yingliang <yangyingliang@...wei.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@...labora.com>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
drivers/power/supply/max17040_battery.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/power/supply/max17040_battery.c b/drivers/power/supply/max17040_battery.c
index 3cea92e28dc3e..a9aef1e8b186e 100644
--- a/drivers/power/supply/max17040_battery.c
+++ b/drivers/power/supply/max17040_battery.c
@@ -449,6 +449,8 @@ static int max17040_probe(struct i2c_client *client,
chip->client = client;
chip->regmap = devm_regmap_init_i2c(client, &max17040_regmap);
+ if (IS_ERR(chip->regmap))
+ return PTR_ERR(chip->regmap);
chip_id = (enum chip_id) id->driver_data;
if (client->dev.of_node) {
ret = max17040_get_of_data(chip);
--
2.33.0
Powered by blists - more mailing lists