[PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport

Linux USB
 help / color / mirror / Atom feed

* [PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm()
@ 2024-07-23 14:13 Ma Ke
  2024-07-23 14:21 ` Dmitry Baryshkov
  2024-07-23 17:33 ` Greg KH
  0 siblings, 2 replies; 3+ messages in thread
From: Ma Ke @ 2024-07-23 14:13 UTC (permalink / raw)
  To: heikki.krogerus, gregkh, utkarsh.h.patel, abhishekpandit,
	andriy.shevchenko, make24, kyletso
  Cc: linux-usb, linux-kernel, stable

When dp->con->partner is an error, a NULL pointer dereference may occur.
Add a check for dp->con->partner to avoid dereferencing a NULL pointer.

Cc: stable@vger.kernel.org
Fixes: 372adf075a43 ("usb: typec: ucsi: Determine common SVDM Version")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
Changes in v2:
- added Cc stable line;
- fixed a typo.
---
 drivers/usb/typec/ucsi/displayport.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c
index 420af5139c70..ecc706e0800d 100644
--- a/drivers/usb/typec/ucsi/displayport.c
+++ b/drivers/usb/typec/ucsi/displayport.c
@@ -222,6 +222,8 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt,
 	switch (cmd_type) {
 	case CMDT_INIT:
 		if (PD_VDO_SVDM_VER(header) < svdm_version) {
+			if (IS_ERR_OR_NULL(dp->con->partner))
+				break;
 			typec_partner_set_svdm_version(dp->con->partner, PD_VDO_SVDM_VER(header));
 			svdm_version = PD_VDO_SVDM_VER(header);
 		}
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm()
  2024-07-23 14:13 [PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm() Ma Ke
@ 2024-07-23 14:21 ` Dmitry Baryshkov
  2024-07-23 17:33 ` Greg KH
  1 sibling, 0 replies; 3+ messages in thread
From: Dmitry Baryshkov @ 2024-07-23 14:21 UTC (permalink / raw)
  To: Ma Ke
  Cc: heikki.krogerus, gregkh, utkarsh.h.patel, abhishekpandit,
	andriy.shevchenko, kyletso, linux-usb, linux-kernel, stable

On Tue, Jul 23, 2024 at 10:13:44PM GMT, Ma Ke wrote:
> When dp->con->partner is an error, a NULL pointer dereference may occur.
> Add a check for dp->con->partner to avoid dereferencing a NULL pointer.
> 
> Cc: stable@vger.kernel.org
> Fixes: 372adf075a43 ("usb: typec: ucsi: Determine common SVDM Version")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> Changes in v2:
> - added Cc stable line;
> - fixed a typo.
> ---
>  drivers/usb/typec/ucsi/displayport.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c
> index 420af5139c70..ecc706e0800d 100644
> --- a/drivers/usb/typec/ucsi/displayport.c
> +++ b/drivers/usb/typec/ucsi/displayport.c
> @@ -222,6 +222,8 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt,
>  	switch (cmd_type) {
>  	case CMDT_INIT:
>  		if (PD_VDO_SVDM_VER(header) < svdm_version) {
> +			if (IS_ERR_OR_NULL(dp->con->partner))

Usually IS_ERR_OR_NULL is one of the red flags. It is either IS_ERR or
NULL, but not both.

Also could you please describe the path how we can end up here without a
proper dp->con->partner.

> +				break;
>  			typec_partner_set_svdm_version(dp->con->partner, PD_VDO_SVDM_VER(header));
>  			svdm_version = PD_VDO_SVDM_VER(header);
>  		}
> -- 
> 2.25.1
> 

-- 
With best wishes
Dmitry

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm()
  2024-07-23 14:13 [PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm() Ma Ke
  2024-07-23 14:21 ` Dmitry Baryshkov
@ 2024-07-23 17:33 ` Greg KH
  1 sibling, 0 replies; 3+ messages in thread
From: Greg KH @ 2024-07-23 17:33 UTC (permalink / raw)
  To: Ma Ke
  Cc: heikki.krogerus, utkarsh.h.patel, abhishekpandit,
	andriy.shevchenko, kyletso, linux-usb, linux-kernel, stable

On Tue, Jul 23, 2024 at 10:13:44PM +0800, Ma Ke wrote:
> When dp->con->partner is an error, a NULL pointer dereference may occur.
> Add a check for dp->con->partner to avoid dereferencing a NULL pointer.
> 
> Cc: stable@vger.kernel.org
> Fixes: 372adf075a43 ("usb: typec: ucsi: Determine common SVDM Version")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>

How was this found?  How was it tested?  Given that the first version
didn't even build, it seems like this was never tested at all...

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-07-23 17:33 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-07-23 14:13 [PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm() Ma Ke
2024-07-23 14:21 ` Dmitry Baryshkov
2024-07-23 17:33 ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox