In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: ufs-qcom: Fix ESI null pointer dereference
ESI/MSI is a performance optimization feature that provides dedicated interrupts per MCQ hardware queue. This is an optional feature and UFS MCQ should work with and without the ESI feature.
Commit e46a28cea29a ("scsi: ufs: qcom: Remove the MSI descriptor abuse") brings a regression in ESI (Enhanced System Interrupt) configuration that causes a null pointer dereference when Platform MSI allocation fails.
The issue occurs when platform_device_msi_init_and_alloc_irqs() in ufs_qcom_config_esi() fails (returns -EINVAL) but the current code uses the __free() macro for automatic cleanup, freeing MSI resources that were never successfully allocated.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
Call trace:
  mutex_lock+0xc/0x54 (P)
  platform_device_msi_free_irqs_all+0x1c/0x40
  ufs_qcom_config_esi+0x1d0/0x220 [ufs_qcom]
  ufshcd_config_mcq+0x28/0x104
  ufshcd_init+0xa3c/0xf40
  ufshcd_pltfrm_init+0x504/0x7d4
  ufs_qcom_probe+0x20/0x58 [ufs_qcom]
Fix by restructuring the ESI configuration to try MSI allocation first, before any other resource allocation, and use explicit cleanup instead of the __free() macro to avoid cleanup of unallocated resources.
Tested on SM8750 platform with MCQ enabled, both with and without Platform ESI support.
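The failure mode and the shape of the fix, as an added userspace C model (not the kernel's or the driver's code): a scope-exit cleanup armed before the allocation result is known runs on the error path too, while allocate-first with explicit cleanup does not. All struct and function names are hypothetical; `__attribute__((cleanup))` is the compiler feature the kernel's `__free()` is built on, and the model counts the bad free where the kernel would fault.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed userspace model: every name here is hypothetical, not a kernel API. */
struct msi_data { int nvec; };
struct dev { struct msi_data *msi; int fail_alloc; };
static struct msi_data pool;
static int bad_frees;          /* frees attempted on never-allocated MSI state */

static int msi_alloc(struct dev *d) {
    if (d->fail_alloc) return -EINVAL;   /* failure: d->msi stays NULL */
    d->msi = &pool;
    return 0;
}

static void msi_free(struct dev *d) {
    if (!d->msi) {             /* in the advisory's trace, mutex_lock() faults here */
        bad_frees++;           /* the model records the bad call instead of crashing */
        return;
    }
    d->msi = NULL;
}

/* Scope-exit handler: runs whenever the guarded variable leaves scope. */
static void auto_msi_free(struct dev **dp) { if (*dp) msi_free(*dp); }

/* Before: the handler is armed before the allocation result is known. */
int config_esi_before(struct dev *d) {
    __attribute__((cleanup(auto_msi_free))) struct dev *guard = d;
    int ret = msi_alloc(d);
    if (ret) return ret;       /* guard still fires and frees what never existed */
    guard = NULL;              /* success: disarm and keep the vectors */
    return 0;
}

/* After: allocate first, free explicitly only when a later step fails. */
int config_esi_after(struct dev *d, int later_step_fails) {
    int ret = msi_alloc(d);
    if (ret) return ret;       /* nothing was allocated, nothing to undo */
    if (later_step_fails) {
        msi_free(d);
        return -ENOMEM;
    }
    return 0;
}

int main(void) {
    struct dev d = { NULL, 1 };
    return config_esi_before(&d) == -EINVAL && bad_frees == 1 ? 0 : 1;
}
```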
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39674.json"
}