From 82aa68afa16819d9f05b899a5fcf174c2f1fb889 Mon Sep 17 00:00:00 2001 From: Thierry Reding Date: Fri, 24 Jul 2020 19:01:05 +0200 Subject: [PATCH] thermal: core: Fix thermal zone lookup by ID When a thermal zone is looked up by an ID and no zone is found matching that ID, the thermal_zone_get_by_id() function will return a pointer to the thermal zone list head which isn't actually a valid thermal zone. This can lead to a subsequent crash because a valid pointer is returned to the called, but dereferencing that pointer as struct thermal_zone is not safe. Fixes: 329b064fbd13 ("thermal: core: Get thermal zone by id") Signed-off-by: Thierry Reding Signed-off-by: Daniel Lezcano Link: https://lore.kernel.org/r/20200724170105.2705467-1-thierry.reding@gmail.com --- drivers/thermal/thermal_core.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c index 007f9618e20a..9748fbb9a3a1 100644 --- a/drivers/thermal/thermal_core.c +++ b/drivers/thermal/thermal_core.c @@ -751,16 +751,18 @@ int for_each_thermal_zone(int (*cb)(struct thermal_zone_device *, void *), struct thermal_zone_device *thermal_zone_get_by_id(int id) { - struct thermal_zone_device *tz = NULL; + struct thermal_zone_device *tz, *match = NULL; mutex_lock(&thermal_list_lock); list_for_each_entry(tz, &thermal_tz_list, node) { - if (tz->id == id) + if (tz->id == id) { + match = tz; break; + } } mutex_unlock(&thermal_list_lock); - return tz; + return match; } void thermal_zone_device_unbind_exception(struct thermal_zone_device *tz,