From ca33fafdc9020720a9773fd416c94fe68aef7220 Mon Sep 17 00:00:00 2001 From: Martin Peres Date: Wed, 18 Jan 2017 23:49:21 +0200 Subject: [PATCH] drm/nouveau/drm/nouveau/led: prevent a possible use-after-free If the led class registration fails, we free drm->led but do not reset it to NULL, which means that the suspend/resume/fini function will act as if everything went well in init() and will likely crash the kernel. This patch adds the missing drm->led = NULL. Reported-by: Emmanuel Pescosta Signed-off-by: Martin Peres Signed-off-by: Ben Skeggs --- drivers/gpu/drm/nouveau/nouveau_led.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/nouveau/nouveau_led.c b/drivers/gpu/drm/nouveau/nouveau_led.c index 72456b1693a4..2c5e0628da12 100644 --- a/drivers/gpu/drm/nouveau/nouveau_led.c +++ b/drivers/gpu/drm/nouveau/nouveau_led.c @@ -102,6 +102,7 @@ nouveau_led_init(struct drm_device *dev) ret = led_classdev_register(dev->dev, &drm->led->led); if (ret) { kfree(drm->led); + drm->led = NULL; return ret; } -- GitLab