CVE-2023-53658

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: bcm-qspi: return error if neither hif_mspi nor mspi is available<br /> <br /> If neither a "hif_mspi" nor "mspi" resource is present, the driver will<br /> just early exit in probe but still return success. Apart from not doing<br /> anything meaningful, this would then also lead to a null pointer access<br /> on removal, as platform_get_drvdata() would return NULL, which it would<br /> then try to dereference when trying to unregister the spi master.<br /> <br /> Fix this by unconditionally calling devm_ioremap_resource(), as it can<br /> handle a NULL res and will then return a viable ERR_PTR() if we get one.<br /> <br /> The "return 0;" was previously a "goto qspi_resource_err;" where then<br /> ret was returned, but since ret was still initialized to 0 at this place<br /> this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix<br /> use-after-free on unbind"). The issue was not introduced by this commit,<br /> only made more obvious.