Skip to content

Commit 8eea556

Browse files
zampierilucaszampierilucas
committed
Merge: CVE-2024-43830: leds: trigger: Unregister sysfs attributes before calling deactivate()
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/5033 JIRA: https://issues.redhat.com/browse/RHEL-54835 CVE: CVE-2024-43830 ``` leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate() callback and freed by the deactivate() callback. Calling device_remove_groups() after calling deactivate() leaves a window where the sysfs attributes show/store functions could be called after deactivation and then operate on the just freed trigger-data. Move the device_remove_groups() call to before deactivate() to close this race window. This also makes the deactivation path properly do things in reverse order of the activation path which calls the activate() callback before calling device_add_groups(). Fixes: a7e7a31 ("leds: triggers: add device attribute support") Cc: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Link: https://lore.kernel.org/r/20240504162533.76780-1-hdegoede@redhat.com Signed-off-by: Lee Jones <lee@kernel.org> (cherry picked from commit c0dc9ad) ``` Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com> Approved-by: Tony Camuso <tcamuso@redhat.com> Approved-by: Steve Best <sbest@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: Lucas Zampieri <lzampier@redhat.com>
2 parents d3db2cd + c22b1b7 commit 8eea556

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

drivers/leds/led-triggers.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -179,9 +179,9 @@ int led_trigger_set(struct led_classdev *led_cdev, struct led_trigger *trig)
179179

180180
cancel_work_sync(&led_cdev->set_brightness_work);
181181
led_stop_software_blink(led_cdev);
182+
device_remove_groups(led_cdev->dev, led_cdev->trigger->groups);
182183
if (led_cdev->trigger->deactivate)
183184
led_cdev->trigger->deactivate(led_cdev);
184-
device_remove_groups(led_cdev->dev, led_cdev->trigger->groups);
185185
led_cdev->trigger = NULL;
186186
led_cdev->trigger_data = NULL;
187187
led_cdev->activated = false;

0 commit comments

Comments
 (0)