From 732d49fdabba8663e5e9f54e6738fe52de711365 Mon Sep 17 00:00:00 2001
From: Liu Rui <dev13201@linx-info.com>
Date: Mon, 24 Nov 2025 16:51:04 +0800
Subject: [PATCH] um: virtio_uml: Fix use-after-free after put_device in probe

stable inclusion
from stable-v5.10.244
commit 14c231959a16ca41bfdcaede72483362a8c645d7
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/ID0U90
CVE: CVE-2025-39951

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=14c231959a16ca41bfdcaede72483362a8c645d7

-----------------------------

um: virtio_uml: Fix use-after-free after put_device in probe
[ Upstream commit 7ebf70cf181651fe3f2e44e95e7e5073d594c9c0 ]

When register_virtio_device() fails in virtio_uml_probe(),
the code sets vu_dev->registered = 1 even though
the device was not successfully registered.
This can lead to use-after-free or other issues.

Fixes: 04e5b1fb0183 ("um: virtio: Remove device on disconnect")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Liu Rui <dev13201@linx-info.com>

Signed-off-by: Liu Rui <dev13201@linx-info.com>
---
 arch/um/drivers/virtio_uml.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/um/drivers/virtio_uml.c b/arch/um/drivers/virtio_uml.c
index d5d768188b3b..0178d33e5946 100644
--- a/arch/um/drivers/virtio_uml.c
+++ b/arch/um/drivers/virtio_uml.c
@@ -1129,10 +1129,12 @@ static int virtio_uml_probe(struct platform_device *pdev)
 	platform_set_drvdata(pdev, vu_dev);
 
 	rc = register_virtio_device(&vu_dev->vdev);
-	if (rc)
+	if (rc) {
 		put_device(&vu_dev->vdev.dev);
+		return rc;
+	}
 	vu_dev->registered = 1;
-	return rc;
+	return 0;
 
 error_init:
 	os_close_file(vu_dev->sock);
-- 
Gitee