Re: [PATCH v2] mmc: sdhci-pxav3: Fix potential NULL dereference in sdhci_pxav3_probe

From: Adrian Hunter
Date: Wed Jul 10 2024 - 07:41:24 EST

Next message: Peter Zijlstra: "Re: [PATCH 3/6] sched_ext: Make @rf optional for dispatch_to_local_dsq()"
Previous message: Rayyan Ansari: "[PATCH v2 2/2] ASoC: dt-bindings: qcom,apq8096-sndcard: use dtschema"
In reply to: Ma Ke: "[PATCH v2] mmc: sdhci-pxav3: Fix potential NULL dereference in sdhci_pxav3_probe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/07/24 13:59, Ma Ke wrote:
> In sdhci_pxav3_probe(), mv_mbus_dram_info() returns NULL if
> CONFIG_PLAT_ORION macro is not defined[1]. Fix this bug by adding NULL
> check.

As was commented last time, there already is a NULL check in
mv_conf_mbus_windows(). Another check is not necessary.

>
> Fixes: aa8165f91442 ("mmc: sdhci-pxav3: do the mbus window configuration after enabling clocks")
> Signed-off-by: Ma Ke <make24@xxxxxxxxxxx>
> ---
> Changes in v2:
> - refined the vulnerability description;

Referencing a link not actually in the commit message

> - provided similar vulnerability's reference link[2].

Not the same because in that case dram was dereferenced
without checking first.

> Reference link:
> [1] https://github.com/torvalds/linux/blob/34afb82a3c67f869267a26f593b6f8fc6bf35905/include/linux/mbus.h#L65
> [2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d48d0c5fd733bd6d8d3ddb2ed553777ab4724169
> ---
> drivers/mmc/host/sdhci-pxav3.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/mmc/host/sdhci-pxav3.c b/drivers/mmc/host/sdhci-pxav3.c
> index 3af43ac05825..ac89cb2eb9f6 100644
> --- a/drivers/mmc/host/sdhci-pxav3.c
> +++ b/drivers/mmc/host/sdhci-pxav3.c
> @@ -375,6 +375,7 @@ static int sdhci_pxav3_probe(struct platform_device *pdev)
> struct sdhci_host *host = NULL;
> struct sdhci_pxa *pxa = NULL;
> const struct of_device_id *match;
> + const struct mbus_dram_target_info *dram;
> int ret;
>
> host = sdhci_pltfm_init(pdev, &sdhci_pxav3_pdata, sizeof(*pxa));
> @@ -406,7 +407,12 @@ static int sdhci_pxav3_probe(struct platform_device *pdev)
> ret = armada_38x_quirks(pdev, host);
> if (ret < 0)
> goto err_mbus_win;
> - ret = mv_conf_mbus_windows(pdev, mv_mbus_dram_info());
> + dram = mv_mbus_dram_info();
> + if (!dram) {
> + ret = 0;
> + goto err_mbus_win;
> + }
> + ret = mv_conf_mbus_windows(pdev, dram);
> if (ret < 0)
> goto err_mbus_win;
> }

Next message: Peter Zijlstra: "Re: [PATCH 3/6] sched_ext: Make @rf optional for dispatch_to_local_dsq()"
Previous message: Rayyan Ansari: "[PATCH v2 2/2] ASoC: dt-bindings: qcom,apq8096-sndcard: use dtschema"
In reply to: Ma Ke: "[PATCH v2] mmc: sdhci-pxav3: Fix potential NULL dereference in sdhci_pxav3_probe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]