platform/x86: ISST: fix use-after-free in tpmi_sst_dev_remove()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In tpmi_sst_dev_remove(), tpmi_sst is dereferenced after being freed.
Fix this by reordering the kfree() post the dereference.

Fixes: 9d1d36268f3d ("platform/x86: ISST: Support partitioned systems")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Link: https://lore.kernel.org/r/20240517144946.289615-1-harshit.m.mogalapalli@oracle.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>

authored by

Harshit Mogalapalli and committed by

Hans de Goede 2 years ago a4edf675 1613e604

+1 -1

1 changed file

expand all

drivers

platform

x86

intel

speed_select_if

isst_tpmi_core.c

+1 -1

drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c

··· 1610 1610 tpmi_sst->partition_mask_current &= ~BIT(plat_info->partition); 1611 1611 /* Free the package instance when the all partitions are removed */ 1612 1612 if (!tpmi_sst->partition_mask_current) { 1613 - kfree(tpmi_sst); 1614 1613 isst_common.sst_inst[tpmi_sst->package_id] = NULL; 1614 + kfree(tpmi_sst); 1615 1615 } 1616 1616 mutex_unlock(&isst_tpmi_dev_lock); 1617 1617 }