* Null-ptr-deref in xcv_init_hw()
@ 2025-03-03 6:48 Kyungwook Boo
From: Kyungwook Boo @ 2025-03-03 6:48 UTC
To: Sunil Goutham; +Cc: linux-arm-kernel, linux-kernel
Hello,

It seems that xcv_init_hw() can be called in bgx_probe() regardless of whether
xcv_probe() has been executed, leading to a potential null pointer dereference.

The following is a call stack example:

bgx_probe
├── xcv_init_hw
│   ├── readq_relaxed(xcv->reg_base + XCV_RESET) // NULL pointer dereference

In bgx_probe(), if the PCI device ID matches PCI_DEVICE_ID_THUNDER_RGX,
xcv_init_hw() is called:

	pci_read_config_word(pdev, PCI_DEVICE_ID, &sdevid);
	if (sdevid != PCI_DEVICE_ID_THUNDER_RGX) {
	}
	else{
		xcv_init_hw();
	}

However, xcv_init_hw() performs an MMIO read on xcv->reg_base, which is expected
to be initialized by xcv_probe():

	cfg = readq_relaxed(xcv->reg_base + XCV_RESET);

Could you check this?

Best regards,
Kyungwook Boo
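
Added example, not part of the original message and not the driver's code: a user-space C model of the ordering problem reported above, with a guarded init that returns -ENODEV when it would run before the XCV probe has set reg_base. The *_model names, xcv_init_hw_checked(), the device ID, the register offset and the reset bit are constructed for illustration.

```c
/* User-space model of the probe-ordering hazard; not kernel driver code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_DEVID_RGX  0x0001u      /* constructed value, not the real PCI ID */
#define MODEL_XCV_RESET  0x00u        /* constructed register index */
#define MODEL_CLK_RESET  (1ull << 0)  /* hypothetical bit cleared by init */

struct xcv_model { uint64_t *reg_base; };  /* stands in for the mapped BAR */

static uint64_t fake_bar[4] = { MODEL_CLK_RESET };
static struct xcv_model xcv_storage;
static struct xcv_model *xcv;         /* NULL until xcv_probe_model() runs */

/* Stands in for xcv_probe(): the only place reg_base gets set. */
static void xcv_probe_model(void)
{
	xcv_storage.reg_base = fake_bar;
	xcv = &xcv_storage;
}

/* Guarded init: refuses to touch registers if the probe has not run. */
static int xcv_init_hw_checked(void)
{
	if (!xcv || !xcv->reg_base)
		return -ENODEV;
	xcv->reg_base[MODEL_XCV_RESET] &= ~MODEL_CLK_RESET;
	return 0;
}

/* Stands in for the device-ID branch in bgx_probe() quoted above. */
static int bgx_probe_model(uint16_t sdevid)
{
	if (sdevid != MODEL_DEVID_RGX)
		return 0;                 /* non-RGX path: XCV is not involved */
	return xcv_init_hw_checked();
}

int main(void)
{
	printf("before xcv probe: %d\n", bgx_probe_model(MODEL_DEVID_RGX));
	xcv_probe_model();
	printf("after xcv probe:  %d\n", bgx_probe_model(MODEL_DEVID_RGX));
	return 0;
}
```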