RE: [PATCH] mmc: core: Fix null pointer dereference in bus_shutdown
From: Seunghui Lee
Date: Fri Jan 26 2024 - 00:17:14 EST
> -----Original Message-----
> From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> Sent: Friday, January 19, 2024 5:21 PM
> To: Seunghui Lee <sh043.lee@xxxxxxxxxxx>
> Cc: linux-mmc@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
> ulf.hansson@xxxxxxxxxx; avri.altman@xxxxxxx; grant.jung@xxxxxxxxxxx;
> jt77.jang@xxxxxxxxxxx; dh0421.hwang@xxxxxxxxxxx; junwoo80.lee@xxxxxxxxxxx;
> jangsub.yi@xxxxxxxxxxx; cw9316.lee@xxxxxxxxxxx; sh8267.baek@xxxxxxxxxxx;
> wkon.kim@xxxxxxxxxxx
> Subject: Re: [PATCH] mmc: core: Fix null pointer dereference in
> bus_shutdown
>
> On Fri, Jan 19, 2024 at 04:32:47PM +0900, Seunghui Lee wrote:
> > When shutting down removable device,
> > it can be occurred null pointer dereference.
>
> How?
>
> And please wrap your lines properly.
>
> > To prevent null pointer dereference,
> > At first, check null pointer.
> > Next, block rescan worker to scan removable device during shutdown.
>
> Why do two things?
>
> >
> > Signed-off-by: Seunghui Lee <sh043.lee@xxxxxxxxxxx>
> > ---
> > drivers/mmc/core/bus.c | 10 +++++++++-
> > 1 file changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/mmc/core/bus.c b/drivers/mmc/core/bus.c index
> > 0af96548e7da..4f370a6577aa 100644
> > --- a/drivers/mmc/core/bus.c
> > +++ b/drivers/mmc/core/bus.c
> > @@ -143,9 +143,17 @@ static void mmc_bus_shutdown(struct device *dev)
> > {
> > struct mmc_driver *drv = to_mmc_driver(dev->driver);
> > struct mmc_card *card = mmc_dev_to_card(dev);
> > - struct mmc_host *host = card->host;
> > + struct mmc_host *host;
> > int ret;
> >
> > + if (!drv || !card) {
> > + pr_debug("%s: drv or card is NULL.\n", dev_name(dev));
>
> What is this going to help with? And why not use dev_dbg()?
>
> How can drv ever be NULL? That looks impossible to me based on just the
> code shown here.
>
> > + return;
> > + }
> > +
> > + host = card->host;
>
> Why is this change needed? This line can go back to the top just fine,
> right?
>
> > + host->rescan_disable = 1;
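Review bot: the plain store `host->rescan_disable = 1` at the end of this hunk is made with no lock taken, and nothing in the hunk cancels or waits for a rescan that is already running, so the flag on its own does not stop the rescan worker from touching the card while shutdown proceeds. If blocking rescan is needed, it belongs in a separate patch that names the lock or the work cancellation that makes the store safe. The `if (!drv || !card)` guard earlier in the hunk also needs justification: the commit message does not say which of the two pointers was seen NULL or on which path, and the early `return` skips the rest of the shutdown path with only a debug message, which hides the condition instead of explaining it.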
>
> Shouldn't this be a separate change? And what happens if the check for
> this is right before you set it? Where is the locking to prevent the
> issue you are attempting to solve?
>
> thanks,
>
> greg k-h
I've checked the issue again.
This patch is not the proper solution.
I'll reject this patch.
Hi, Thank you for your comment.