From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 08C8BC3DA41 for ; Tue, 9 Jul 2024 13:34:30 +0000 (UTC) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.a=rsa-sha256 header.s=korg header.b=PtsalJxW; dkim-atps=neutral Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4WJMR95D3Nz3cSN for ; Tue, 9 Jul 2024 23:34:29 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=linuxfoundation.org Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.a=rsa-sha256 header.s=korg header.b=PtsalJxW; dkim-atps=neutral Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linuxfoundation.org (client-ip=2604:1380:4641:c500::1; helo=dfw.source.kernel.org; envelope-from=gregkh@linuxfoundation.org; receiver=lists.ozlabs.org) Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4WJMQN2N1Sz2y8Z for ; Tue, 9 Jul 2024 23:33:47 +1000 (AEST) Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 2FA196145C; Tue, 9 Jul 2024 13:33:43 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7155FC32786; Tue, 9 Jul 2024 13:32:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1720531972; bh=mOE+ryN8qxxEVONxkiQngqNrCkNEB9WBTPuTNVncMOs=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=PtsalJxWGaXFB9T7jLMLh7Ih886MrFqgDPdz3jcM2NG0VRU6tQC3lLBTvDWW5x/NY BxtT4eqc40FFMIAsSBC2zbYanf4pJuIwqNj/lDGe9vHNPUIxRkXqqr+45S+8DlVZ8a DNjoLE4uvKgLBaDhpz6dtKbrYdChnBdNf8T6Nlac= Date: Tue, 9 Jul 2024 15:32:50 +0200 From: Greg KH To: Ma Ke Subject: Re: [PATCH] cxl: Fix possible null pointer dereference in read_handle() Message-ID: <2024070940-customize-sturdily-fc81@gregkh> References: <20240709131754.855144-1-make24@iscas.ac.cn> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240709131754.855144-1-make24@iscas.ac.cn> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: ajd@linux.ibm.com, arnd@arndb.de, linux-kernel@vger.kernel.org, stable@vger.kernel.org, manoj@linux.vnet.ibm.com, imunsie@au1.ibm.com, fbarrat@linux.ibm.com, linuxppc-dev@lists.ozlabs.org, clombard@linux.vnet.ibm.com Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" On Tue, Jul 09, 2024 at 09:17:54PM +0800, Ma Ke wrote: > In read_handle() of_get_address() may return NULL which is later > dereferenced. Fix this bug by adding NULL check. > > Cc: stable@vger.kernel.org > Fixes: 14baf4d9c739 ("cxl: Add guest-specific code") > Signed-off-by: Ma Ke > --- > drivers/misc/cxl/of.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/misc/cxl/of.c b/drivers/misc/cxl/of.c > index bcc005dff1c0..d8dbb3723951 100644 > --- a/drivers/misc/cxl/of.c > +++ b/drivers/misc/cxl/of.c > @@ -58,7 +58,7 @@ static int read_handle(struct device_node *np, u64 *handle) > > /* Get address and size of the node */ > prop = of_get_address(np, 0, &size, NULL); > - if (size) > + if (!prop || size) > return -EINVAL; How was this issue found? thanks, greg k-h