[PATCH OLK-6.6 6/6] firmware: sysfb: Fix reference count of sysfb parent device

18 Nov 2024

From: Thomas Zimmermann tzimmermann@suse.de
mainline inclusion
from mainline-v6.10-rc7
commit 3285d8f0a2ede604c368155c9c0921e16d41f70a
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAR4KI
CVE: CVE-2024-46698
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Retrieving the system framebuffer's parent device in sysfb_init()
increments the parent device's reference count. Hence release the
reference before leaving the init function.
Adding the sysfb platform device acquires and additional reference
for the parent. This keeps the parent device around while the system
framebuffer is in use.
Signed-off-by: Thomas Zimmermann tzimmermann@suse.de
Fixes: 9eac534db001 ("firmware/sysfb: Set firmware-framebuffer parent device")
Cc: Thomas Zimmermann tzimmermann@suse.de
Cc: Javier Martinez Canillas javierm@redhat.com
Cc: Helge Deller deller@gmx.de
Cc: Jani Nikula jani.nikula@intel.com
Cc: Dan Carpenter dan.carpenter@linaro.org
Cc: Arnd Bergmann arnd@arndb.de
Cc: Sui Jingfeng suijingfeng@loongson.cn
Cc: stable@vger.kernel.org # v6.9+
Reviewed-by: Javier Martinez Canillas javierm@redhat.com
Link: https://patchwork.freedesktop.org/patch/msgid/20240625081818.15696-1-tzimmer...
Signed-off-by: dinglongwei dinglongwei1@huawei.com
---
 drivers/firmware/sysfb.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/firmware/sysfb.c b/drivers/firmware/sysfb.c
index ac4680dc463f..02a07d3d0d40 100644
--- a/drivers/firmware/sysfb.c
+++ b/drivers/firmware/sysfb.c
@@ -108,8 +108,10 @@ static struct device *sysfb_parent_dev(const struct screen_info *si)
    if (IS_ERR(pdev)) {
    	return ERR_CAST(pdev);
    } else if (pdev) {
-		if (!sysfb_pci_dev_is_enabled(pdev))
+		if (!sysfb_pci_dev_is_enabled(pdev)) {
+			pci_dev_put(pdev);
    		return ERR_PTR(-ENODEV);
+		}
    	return &pdev->dev;
    }
@@ -144,7 +146,7 @@ static __init int sysfb_init(void)
    if (compatible) {
    	pd = sysfb_create_simplefb(si, &mode, parent);
    	if (!IS_ERR(pd))
-			goto unlock_mutex;
+			goto put_device;
    }
/* if the FB is incompatible, create a legacy framebuffer device */
@@ -162,7 +164,7 @@ static __init int sysfb_init(void)
    pd = platform_device_alloc(name, 0);
    if (!pd) {
    	ret = -ENOMEM;
-		goto unlock_mutex;
+		goto put_device;
    }
pd->dev.parent = parent;
@@ -177,9 +179,11 @@ static __init int sysfb_init(void)
    if (ret)
    	goto err;
-	goto unlock_mutex;
+	goto put_device;
 err:
    platform_device_put(pd);
+put_device:
+	put_device(parent);
 unlock_mutex:
    mutex_unlock(&disable_lock);
    return ret;
-- 
2.17.1


    

2024

2023

2022

2021

2020

2019

[PATCH OLK-6.6 6/6] firmware: sysfb: Fix reference count of sysfb parent device