From nobody Tue Feb 10 06:04:37 2026 Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com [209.85.167.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD4DF4414 for ; Mon, 9 Feb 2026 10:30:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770633057; cv=none; b=j2p2cmFMiGH4RPXIjUXmQg1aHGyszsXdkkMJQ3tWspVfSEsGAcOYo1M1OV96Q63hKOs6eAhXmdOADvAHPzZKhELmCwp3C+6Q7J2DCjH1zT3uqb+orITK1k4HMOiQC/eQQXHZlLF7ew0zWt4SOtoZBBg2L0S0+ztL260SwrTyefA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770633057; c=relaxed/simple; bh=Qkv2uIASc//tWjpNFU6OM3TXVYeAhSTPGGdWFg2wHZA=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=af84yKoZFP8XmfP03PtzdmeyTImKgTyRtkMzotMfntB6xBmB6BpxNJqkFUqn25QB+oGQ4r3WVGmMaaSZQs/rA6iqgww0RLu9B0qL2LgJ5RqX9W8S5RyQjdyOlJ6UJ5Vc6mhUCHuEryWHfTYA3eYVLoAaaf2hxqnTN7ThTOWHTQA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=PXMu6WeC; arc=none smtp.client-ip=209.85.167.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="PXMu6WeC" Received: by mail-lf1-f43.google.com with SMTP id 2adb3069b0e04-59dd4bec4ecso4901450e87.0 for ; Mon, 09 Feb 2026 02:30:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770633055; x=1771237855; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=e/aAxMia+3E8ul6axWvd9DfTC9sOFxYn4HkjxTEIWwA=; b=PXMu6WeCAEbazAJ4mtPwQt6aP0l6qprkd5eUn8yTGslosGSI/BwHpaub9qs3XP0aJN kyQexrbQwf8B16wJHMeHAUP4TmRTH4WXfCbeNNvmU3rYbsfAW4uo5tYLNKCrMPNJ3+BK EMWjUk2jOHWmWFK+ThgZXEpcaNFigN0tC8ZgnGf5NLzIrYKbVxjzI7wdfCR4tPipd75x cStzcpPgDUz2EAX38jeAVfHkHEQENC8LAQcBwKQi3TICrQKcxkNZcXgn3cR++Eszy25Z //Ljjk/LHHDXChIMt8TQXEF0ypZl5XhLQKyk7nM+pasLe+/p1N1oTxA6P9BQV8b0lenN wujg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770633055; x=1771237855; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=e/aAxMia+3E8ul6axWvd9DfTC9sOFxYn4HkjxTEIWwA=; b=BuAmeROnQ71CHsv4Xm7DHVbrBCtWkiUF6UCudZXpJq1s1AezqsFvZ/0g3RcybU46J0 ZzAuWOrYywiG1735/uCHaALnls5tbb0XPiRfdyrdQOdFS5D4T3cnHKSG3y7yI5R+Rjvt 0A03thJePA8AAJBICIu0p0Vah3XDprm/SX33Z0dimJd1xOCV5qIwTkBjjVFWWwLsAOnG /BX2chfgk3VTtwXqwWA12SU5YorNJxzt8W3xniFakMuZ3Tx0TSPul0CQB4hU8eo1Eh7S ZmIhkXoJPug1537IsasDDudTM0sqONTUumnGEtZmkOwGBNonUFE+7TwoOfawn6kU+ocv Ucvw== X-Forwarded-Encrypted: i=1; AJvYcCWl5aXSrC79cFFxe9Po4Vkz0hbd4wWdnFwbGLJaHv+34tdSOn5VmpLoDnky9XQLx8dAV5u30bvahhQZk8E=@vger.kernel.org X-Gm-Message-State: AOJu0Yw52+hiJ+LNaH5thETBQgN735HFbQOGM9YnLUQlB9sQImTp1DeZ eeqV7Lc5ISLuoSfIEVVMz6f4u10042dVNJHAQJ3dhsBvLaEecGjnqdvf X-Gm-Gg: AZuq6aIsZGU6xudOCSLr+YtSOT1AMO7TzpVBfTrwM+Oj1f+/WHT4jYUA6xTQIRFIBTl Ut0jUlXYy8LeelRvMs/is6OqEK7wGcLjclqGwdChUPeQxT6CSGzvGiP2MLurfdC3CsewMqJtNMG FOLNsooAEB7gHUmhIGHuJKXlhqK6dQgQ9s1OVIiCPcBYcAJkEw9TX3dnKvPf6iqzleC6Rw+EfC/ 1abWthnRrLcaICndNju4KHAlAHaOJaX3FwQSm8uPngM4jAgmH2VbpIIYfiPEkr4zCQrMQx6Uqyc lxypYI9aw072NdyLaRSa+pOaaolsOvh3KOC1eENpNUu24zKo8a9DClBhk5kPRkoyxpUu78OCKp2 W5oAgHCDUCUxUw6ospgAAJFMb976L6OMU3eQNxM5K6Erj4MRQsstp/ckBE8eL0785MYnyDfOIyN jySgPlNFtQZsu0z6Yr3m6YysJFYG9tQQXgyQHCqkH5z9WV/211jpCeFLdrMN++GUvnglluxpdgO l3V7IxsYdOEBdo= X-Received: by 2002:a05:6512:3e0a:b0:59e:50e7:1273 with SMTP id 2adb3069b0e04-59e50e71400mr576263e87.12.1770633054650; Mon, 09 Feb 2026 02:30:54 -0800 (PST) Received: from localhost.localdomain ([176.33.64.73]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-59e44cf6ed9sm2494273e87.16.2026.02.09.02.30.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Feb 2026 02:30:54 -0800 (PST) From: Alper Ak To: herbert@gondor.apana.org.au, davem@davemloft.net Cc: ashish.kalra@amd.com, thomas.lendacky@amd.com, john.allen@amd.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Alper Ak Subject: [PATCH] crypto/ccp: Fix use-after-free on error path Date: Mon, 9 Feb 2026 13:30:42 +0300 Message-ID: <20260209103042.13686-1-alperyasinak1@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has been freed with kfree(). The pr_err() statement attempts to access t->tio_en and t->tio_init_done after the memory has been released. Move the pr_err() call before kfree(t) to access the fields while the memory is still valid. This issue reported by Smatch static analyser Fixes:4be423572da1 ("crypto/ccp: Implement SEV-TIO PCIe IDE (phase1)") Signed-off-by: Alper Ak --- drivers/crypto/ccp/sev-dev-tsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev-tsm.c b/drivers/crypto/ccp/sev-dev-= tsm.c index 3cdc38e84500..e0d2e3dd063d 100644 --- a/drivers/crypto/ccp/sev-dev-tsm.c +++ b/drivers/crypto/ccp/sev-dev-tsm.c @@ -378,9 +378,9 @@ void sev_tsm_init_locked(struct sev_device *sev, void *= tio_status_page) return; =20 error_exit: - kfree(t); pr_err("Failed to enable SEV-TIO: ret=3D%d en=3D%d initdone=3D%d SEV=3D%d= \n", ret, t->tio_en, t->tio_init_done, boot_cpu_has(X86_FEATURE_SEV)); + kfree(t); } =20 void sev_tsm_uninit(struct sev_device *sev) --=20 2.43.0