* [PATCH v2] cxl: Fix possible null pointer dereference in read_handle()
@ 2024-07-10 10:33 Ma Ke
2024-07-10 10:59 ` Greg KH
2024-07-10 13:05 ` [v2] " Markus Elfring
0 siblings, 2 replies; 3+ messages in thread
From: Ma Ke @ 2024-07-10 10:33 UTC (permalink / raw)
To: fbarrat, ajd, arnd, gregkh, clombard, imunsie, mpe, manoj
Cc: stable, linuxppc-dev, linux-kernel, Ma Ke
In read_handle(), of_get_address() may return NULL which is later
dereferenced. Fix this by adding NULL check.
Cc: stable@vger.kernel.org
Fixes: 14baf4d9c739 ("cxl: Add guest-specific code")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
Changes in v2:
- The potential vulnerability was discovered as follows: based on our
customized static analysis tool, extract vulnerability features[1], and
then match similar vulnerability features in this function.
- Reference link:
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2d9adecc88ab678785b581ab021f039372c324cb
---
drivers/misc/cxl/of.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/cxl/of.c b/drivers/misc/cxl/of.c
index bcc005dff1c0..d8dbb3723951 100644
--- a/drivers/misc/cxl/of.c
+++ b/drivers/misc/cxl/of.c
@@ -58,7 +58,7 @@ static int read_handle(struct device_node *np, u64 *handle)
/* Get address and size of the node */
prop = of_get_address(np, 0, &size, NULL);
- if (size)
+ if (!prop || size)
return -EINVAL;
/* Helper to read a big number; size is in cells (not bytes) */
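Review bot: The changelog says the NULL return from of_get_address() is "later dereferenced", but that dereference lies outside the context shown around "if (!prop || size)", so the claim and the Fixes:/stable tags cannot be checked from the patch alone. Name the statement that reads through prop in the commit message. Two smaller points on the same line: keep !prop as the first operand, since the hunk does not show whether size is initialised when no address is returned and the short-circuit is what prevents it being read in that case; and note that a missing address and a nonzero size now both return -EINVAL, so say in the changelog whether callers need to tell them apart.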
--
2.25.1
* Re: [PATCH v2] cxl: Fix possible null pointer dereference in read_handle()
From: Greg KH @ 2024-07-10 10:59 UTC (permalink / raw)
To: Ma Ke
Cc: ajd, arnd, linux-kernel, stable, manoj, imunsie, fbarrat,
linuxppc-dev, clombard
On Wed, Jul 10, 2024 at 06:33:52PM +0800, Ma Ke wrote:
> In read_handle(), of_get_address() may return NULL which is later
> dereferenced. Fix this by adding NULL check.
>
> Cc: stable@vger.kernel.org
> Fixes: 14baf4d9c739 ("cxl: Add guest-specific code")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> Changes in v2:
> - The potential vulnerability was discovered as follows: based on our
> customized static analysis tool, extract vulnerability features[1], and
> then match similar vulnerability features in this function.
You need to follow the rules outlined in
Documentation/process/researcher-guidelines.rst when doing stuff like
this. Otherwise all of your patches will have to be rejected.
Please fix up the changelog text of all of the patches you have
submitted recently to follow those rules.
thanks,
greg k-h
* Re: [v2] cxl: Fix possible null pointer dereference in read_handle()
From: Markus Elfring @ 2024-07-10 13:05 UTC (permalink / raw)
To: make24, linuxppc-dev, kernel-janitors
Cc: Maxime Ripard, Wei Liu, Christophe Lombard, Arnd Bergmann,
Greg Kroah-Hartman, LKML, stable, Manoj N. Kumar,
Aleksandr Mishin, Frederic Barrat, Shuah Khan, Ian Munsie,
Andrew Donnellan
…
> - The potential vulnerability was discovered as follows: based on our
> customized static analysis tool,
I became curious in which time range further corresponding information will be published.
> extract vulnerability features[1],
Various software corrections were published through the years.
Several error (or weakness) categories are known already.
https://cwe.mitre.org/
https://wiki.sei.cmu.edu/confluence/display/c/
> and then match similar vulnerability features in this function.
> - Reference link:
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2d9adecc88ab678785b581ab021f039372c324cb
Another reference format can be helpful also for the commit c534b63bede6cb987c2946ed4d0b0013a52c5ba7
("drm: vc4: Fix possible null pointer dereference") from 2024-04-15.
Regards,
Markus