From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=VpFb=4X=vger.kernel.org=linux-mmc-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,
	SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2FA2AC3F2CE
	for <linux-mmc@archiver.kernel.org>; Fri,  6 Mar 2020 03:38:41 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 00CCC2072D
	for <linux-mmc@archiver.kernel.org>; Fri,  6 Mar 2020 03:38:40 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (1024-bit key) header.d=mg.codeaurora.org header.i=@mg.codeaurora.org header.b="IImaEsz/"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726359AbgCFDik (ORCPT <rfc822;linux-mmc@archiver.kernel.org>);
        Thu, 5 Mar 2020 22:38:40 -0500
Received: from mail27.static.mailgun.info ([104.130.122.27]:18723 "EHLO
        mail27.static.mailgun.info" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726162AbgCFDik (ORCPT
        <rfc822;linux-mmc@vger.kernel.org>); Thu, 5 Mar 2020 22:38:40 -0500
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mg.codeaurora.org; q=dns/txt;
 s=smtp; t=1583465919; h=Message-ID: References: In-Reply-To: Subject:
 Cc: To: From: Date: Content-Transfer-Encoding: Content-Type:
 MIME-Version: Sender; bh=Xrqy1Nw8K3ed/VZmjwlPm8bWGmb9xQw2xhPR2bt2Yuo=;
 b=IImaEsz/53lEQjDUoaKM5sp3DIg0VexRPsIsHViTE7rB0EKq8sqd50o8MNkvc3+ssSz4p+FX
 J31phBe1C6o0k6SKoCHVzSu677mzDYIXFZBNYsutVoo/EavG+dDh0I74qCPVTkZXijtYiCIG
 aTuxGR/4IuFE6NrcVyFSYDLs3cg=
X-Mailgun-Sending-Ip: 104.130.122.27
X-Mailgun-Sid: WyJiYTcxMiIsICJsaW51eC1tbWNAdmdlci5rZXJuZWwub3JnIiwgImJlOWU0YSJd
Received: from smtp.codeaurora.org (ec2-35-166-182-171.us-west-2.compute.amazonaws.com [35.166.182.171])
 by mxa.mailgun.org with ESMTP id 5e61c5b0.7fdbdf9d57d8-smtp-out-n01;
 Fri, 06 Mar 2020 03:38:24 -0000 (UTC)
Received: by smtp.codeaurora.org (Postfix, from userid 1001)
        id A290CC4479C; Fri,  6 Mar 2020 03:38:24 +0000 (UTC)
Received: from mail.codeaurora.org (localhost.localdomain [127.0.0.1])
        (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
        (No client certificate requested)
        (Authenticated sender: nguyenb)
        by smtp.codeaurora.org (Postfix) with ESMTPSA id 1ED85C43383;
        Fri,  6 Mar 2020 03:38:24 +0000 (UTC)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date:   Thu, 05 Mar 2020 19:38:24 -0800
From:   nguyenb@codeaurora.org
To:     Ulf Hansson <ulf.hansson@linaro.org>
Cc:     Rob Herring <robh+dt@kernel.org>,
        linux-scsi <linux-scsi@vger.kernel.org>,
        linux-mmc@vger.kernel.org, Asutosh Das <asutoshd@codeaurora.org>,
        cang@codeaurora.org, linux-arm-msm <linux-arm-msm@vger.kernel.org>
Subject: Re: [<PATCH v1> 1/4] mmc: core: Add check for NULL pointer access
In-Reply-To: <CAPDyKFrGmXj8HWNz2irUd7i8Cb77U8rLM=V91vcrWE+r7Pqeyg@mail.gmail.com>
References: <cover.1582839544.git.nguyenb@codeaurora.org>
 <b328b981a785525b8424b4ab2197dc1ec54417d1.1582839544.git.nguyenb@codeaurora.org>
 <CAPDyKFrGmXj8HWNz2irUd7i8Cb77U8rLM=V91vcrWE+r7Pqeyg@mail.gmail.com>
Message-ID: <fd4bdb88d984a4095215347bc6e80afe@codeaurora.org>
X-Sender: nguyenb@codeaurora.org
User-Agent: Roundcube Webmail/1.3.9
Sender: linux-mmc-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-mmc.vger.kernel.org>
X-Mailing-List: linux-mmc@vger.kernel.org

On 2020-02-27 22:46, Ulf Hansson wrote:
> On Thu, 27 Feb 2020 at 23:06, Bao D. Nguyen <nguyenb@codeaurora.org> 
> wrote:
>> 
>> If the SD card is removed, the mmc_card pointer can be set to NULL
>> by the mmc_sd_remove() function. Check mmc_card pointer to avoid NULL
>> pointer access.
>> 
>> Signed-off-by: Bao D. Nguyen <nguyenb@codeaurora.org>
>> Signed-off-by: Asutosh Das <asutoshd@codeaurora.org>
>> ---
>>  drivers/mmc/core/bus.c  | 5 +++++
>>  drivers/mmc/core/core.c | 3 +++
>>  2 files changed, 8 insertions(+)
>> 
>> diff --git a/drivers/mmc/core/bus.c b/drivers/mmc/core/bus.c
>> index 74de3f2..4558f51 100644
>> --- a/drivers/mmc/core/bus.c
>> +++ b/drivers/mmc/core/bus.c
>> @@ -131,6 +131,11 @@ static void mmc_bus_shutdown(struct device *dev)
>>         struct mmc_host *host = card->host;
>>         int ret;
> 
> This obviously doesn't solve anything as we have already dereferenced
> the card->host above. In other words we should hit a NULL pointer
> dereference bug then.
> 
> More exactly, how do you trigger this problem?
I am porting this fix in the older kernel version 3.4. In that version 
3.4, the pointer check was needed.
Obviously, this NULL pointer check is not helping anything here as you 
pointed out. I will remove this check and resubmit.

> 
>> 
>> +       if (!card) {
>> +               dev_dbg(dev, "%s: %s: card is NULL\n", dev_name(dev), 
>> __func__);
>> +               return;
>> +       }
>> +
>>         if (dev->driver && drv->shutdown)
>>                 drv->shutdown(card);
>> 
> 
> [...]
> 
> Kind regards
> Uffe