Revision d81916910f7498fe7a768697e0101d488f9fe665 authored by Yang Yingliang on 29 October 2022, 08:29:31 UTC, committed by Huacai Chen on 29 October 2022, 08:29:31 UTC
Currently the return value of 'sub_driver->init' is not checked. If
sparse_keymap_setup() called in the init function fails, 'generic_
inputdev' is freed, then it will lead a UAF when using it in generic_
acpi_laptop_init(). Fix it by checking the return value and setting
generic_inputdev to NULL after free, so as to avoid double free it.
The error code in generic_subdriver_init() is always negative, so the
return of generic_subdriver_init() can be simplified.
Fixes: 6246ed09111f ("LoongArch: Add ACPI-based generic laptop driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
1 parent fbe605a
tools-support-relr.sh
#!/bin/sh -eu
# SPDX-License-Identifier: GPL-2.0
tmp_file=$(mktemp)
trap "rm -f $tmp_file.o $tmp_file $tmp_file.bin" EXIT
cat << "END" | $CC -c -x c - -o $tmp_file.o >/dev/null 2>&1
void *p = &p;
END
$LD $tmp_file.o -shared -Bsymbolic --pack-dyn-relocs=relr \
--use-android-relr-tags -o $tmp_file
# Despite printing an error message, GNU nm still exits with exit code 0 if it
# sees a relr section. So we need to check that nothing is printed to stderr.
test -z "$($NM $tmp_file 2>&1 >/dev/null)"
$OBJCOPY -O binary $tmp_file $tmp_file.bin
Computing file changes ...
