From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>,
"Lee, Chun-Yi" <jlee@suse.com>,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
Sasha Levin <sashal@kernel.org>,
rafael@kernel.org, daniel.lezcano@linaro.org,
srinivas.pandruvada@linux.intel.com, rui.zhang@intel.com,
dave@stgolabs.net, sumeet.r.pawnikar@intel.com,
chuansheng.liu@intel.com, keescook@chromium.org,
dan.carpenter@oracle.com, linux-pm@vger.kernel.org
Subject: [PATCH AUTOSEL 5.19 22/33] thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
Date: Tue, 30 Aug 2022 13:18:13 -0400
Message-ID: <20220830171825.580603-22-sashal@kernel.org>
In-Reply-To: <20220830171825.580603-1-sashal@kernel.org>
From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
[ Upstream commit 7931e28098a4c1a2a6802510b0cbe57546d2049d ]
In some cases, the GDDV returns a package with a buffer which has
zero length. This causes kmemdup() to return ZERO_SIZE_PTR (0x10).
Then data_vault_read() got a NULL pointer dereference problem when
accessing the 0x10 value in data_vault.
[ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010
This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or
NULL value in data_vault.
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/intel/int340x_thermal/int3400_thermal.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c
index 80d4e0676083a..365489bf4b8c1 100644
--- a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c
+++ b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c
@@ -527,7 +527,7 @@ static void int3400_setup_gddv(struct int3400_thermal_priv *priv)
priv->data_vault = kmemdup(obj->package.elements[0].buffer.pointer,
obj->package.elements[0].buffer.length,
GFP_KERNEL);
- if (!priv->data_vault)
+ if (ZERO_OR_NULL_PTR(priv->data_vault))
goto out_free;
bin_attr_data_vault.private = priv->data_vault;
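Review bot: the `ZERO_OR_NULL_PTR(priv->data_vault)` test after `kmemdup()` takes the `goto out_free` path without resetting the pointer in the visible lines, so `priv->data_vault` can keep the ZERO_SIZE_PTR value and every later truthiness test on it has to be converted as well, which is what the remaining hunks do. Testing `obj->package.elements[0].buffer.length` for zero before the `kmemdup()` call, or assigning `priv->data_vault = NULL` before the `goto`, would keep the plain NULL checks correct and would also cover any reader of the pointer that this patch does not touch.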
@@ -597,7 +597,7 @@ static int int3400_thermal_probe(struct platform_device *pdev)
goto free_imok;
}
- if (priv->data_vault) {
+ if (!ZERO_OR_NULL_PTR(priv->data_vault)) {
result = sysfs_create_group(&pdev->dev.kobj,
&data_attribute_group);
if (result)
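Review bot: the `!ZERO_OR_NULL_PTR(priv->data_vault)` condition in probe makes a zero-length GDDV buffer indistinguishable from a missing data vault, and nothing here says so. A one-line comment above the test stating that an empty buffer is treated as "no data vault", or a debug message at the point where the zero length is detected, would tell the next reader why this is not a simple NULL check.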
@@ -615,7 +615,8 @@ static int int3400_thermal_probe(struct platform_device *pdev)
free_sysfs:
cleanup_odvp(priv);
if (priv->data_vault) {
- sysfs_remove_group(&pdev->dev.kobj, &data_attribute_group);
+ if (!ZERO_OR_NULL_PTR(priv->data_vault))
+ sysfs_remove_group(&pdev->dev.kobj, &data_attribute_group);
kfree(priv->data_vault);
}
free_uuid:
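Review bot: in the `free_sysfs` path the outer `if (priv->data_vault)` is kept and the new `ZERO_OR_NULL_PTR()` test is nested inside it, so the same pointer is checked two different ways on adjacent lines. `kfree()` accepts both NULL and ZERO_SIZE_PTR, so the outer test can be dropped, leaving `if (!ZERO_OR_NULL_PTR(priv->data_vault))` guarding only `sysfs_remove_group()` followed by an unconditional `kfree(priv->data_vault);`, which matches the form used in the remove hunk.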
@@ -647,7 +648,7 @@ static int int3400_thermal_remove(struct platform_device *pdev)
if (!priv->rel_misc_dev_res)
acpi_thermal_rel_misc_device_remove(priv->adev->handle);
- if (priv->data_vault)
+ if (!ZERO_OR_NULL_PTR(priv->data_vault))
sysfs_remove_group(&pdev->dev.kobj, &data_attribute_group);
sysfs_remove_group(&pdev->dev.kobj, &uuid_attribute_group);
sysfs_remove_group(&pdev->dev.kobj, &imok_attribute_group);
--
2.35.1