[PATCH] spi: axiado: fix use-after-free on probe failure

Johan Hovold posted 1 patch 1 month ago
drivers/spi/spi-axiado.c | 17 ++++++-----------
1 file changed, 6 insertions(+), 11 deletions(-)
[PATCH] spi: axiado: fix use-after-free on probe failure
Posted by Johan Hovold 1 month ago
The SPI controller allocation is device managed and must not be released
before returning on probe failures (e.g. probe deferral) to avoid
use-after-free.

Fixes: e75a6b00ad79 ("spi: axiado: Add driver for Axiado SPI DB controller")
Cc: Vladimir Moravcevic <vmoravcevic@axiado.com>
Cc: Prasad Bolisetty <pbolisetty@axiado.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
---
 drivers/spi/spi-axiado.c | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/drivers/spi/spi-axiado.c b/drivers/spi/spi-axiado.c
index 8cea81432c5b..a7665cf42c29 100644
--- a/drivers/spi/spi-axiado.c
+++ b/drivers/spi/spi-axiado.c
@@ -765,29 +765,25 @@ static int ax_spi_probe(struct platform_device *pdev)
 	platform_set_drvdata(pdev, ctlr);
 
 	xspi->regs = devm_platform_ioremap_resource(pdev, 0);
-	if (IS_ERR(xspi->regs)) {
-		ret = PTR_ERR(xspi->regs);
-		goto remove_ctlr;
-	}
+	if (IS_ERR(xspi->regs))
+		return PTR_ERR(xspi->regs);
 
 	xspi->pclk = devm_clk_get(&pdev->dev, "pclk");
 	if (IS_ERR(xspi->pclk)) {
 		dev_err(&pdev->dev, "pclk clock not found.\n");
-		ret = PTR_ERR(xspi->pclk);
-		goto remove_ctlr;
+		return PTR_ERR(xspi->pclk);
 	}
 
 	xspi->ref_clk = devm_clk_get(&pdev->dev, "ref");
 	if (IS_ERR(xspi->ref_clk)) {
 		dev_err(&pdev->dev, "ref clock not found.\n");
-		ret = PTR_ERR(xspi->ref_clk);
-		goto remove_ctlr;
+		return PTR_ERR(xspi->ref_clk);
 	}
 
 	ret = clk_prepare_enable(xspi->pclk);
 	if (ret) {
 		dev_err(&pdev->dev, "Unable to enable APB clock.\n");
-		goto remove_ctlr;
+		return ret;
 	}
 
 	ret = clk_prepare_enable(xspi->ref_clk);
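Review bot: the two devm_clk_get() error paths still call dev_err() unconditionally, so a probe deferral (the case the commit message names) prints "pclk clock not found." or "ref clock not found." at error level on each retry. Now that these paths are plain returns, each can collapse to `return dev_err_probe(&pdev->dev, PTR_ERR(xspi->pclk), "pclk clock not found.\n");`, which keeps -EPROBE_DEFER out of the error log and records the deferral reason. Separately, the direct returns are only right above the first successful clk_prepare_enable(): the failure path of `clk_prepare_enable(xspi->ref_clk)` on the last context line falls outside the visible lines and still has to unwind through clk_dis_apb.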
@@ -869,8 +865,7 @@ static int ax_spi_probe(struct platform_device *pdev)
 	clk_disable_unprepare(xspi->ref_clk);
 clk_dis_apb:
 	clk_disable_unprepare(xspi->pclk);
-remove_ctlr:
-	spi_controller_put(ctlr);
+
 	return ret;
 }
 
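Review bot: dropping `spi_controller_put(ctlr)` at the removed remove_ctlr label is correct only if the controller comes from a device-managed allocation, and that allocation sits above line 765, outside the context shown here. Naming the allocating call in the commit message would let a reader verify the ownership claim from the patch alone. The diffstat shows no change outside ax_spi_probe(), so it is also worth confirming that the remove callback and any other path in the file do not carry their own spi_controller_put() on the same controller, since that would be the same double release. The added blank line before `return ret;` is harmless but could be omitted to keep the label block compact.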
-- 
2.52.0
Re: [PATCH] spi: axiado: fix use-after-free on probe failure
Posted by Mark Brown 3 weeks, 5 days ago
On Thu, Mar 12, 2026 at 11:28:11AM +0100, Johan Hovold wrote:
> The SPI controller allocation is device managed and must not be released
> before returning on probe failures (e.g. probe deferral) to avoid
> use-after-free.

Felix Gu already sent a version of this which was applied, please check
if there's anything remaining to be fixed here.
Re: [PATCH] spi: axiado: fix use-after-free on probe failure
Posted by Johan Hovold 3 weeks, 5 days ago
On Tue, Mar 17, 2026 at 05:35:55PM +0000, Mark Brown wrote:
> On Thu, Mar 12, 2026 at 11:28:11AM +0100, Johan Hovold wrote:
> > The SPI controller allocation is device managed and must not be released
> > before returning on probe failures (e.g. probe deferral) to avoid
> > use-after-free.
> 
> Felix Gu already sent a version of this which was applied, please check
> if there's anything remaining to be fixed here.

That diff looks correct.

Johan