[v2] cxl: Fix possible null pointer dereference in read_handle()

Message ID 20240710103352.1890726-1-make24@iscas.ac.cn (mailing list archive)
State Handled Elsewhere

Checks

Context                                        Check    Description
snowpatch_ozlabs/github-powerpc_clang          success  Successfully ran 5 jobs.
snowpatch_ozlabs/github-powerpc_sparse         success  Successfully ran 4 jobs.
snowpatch_ozlabs/github-powerpc_kernel_qemu    success  Successfully ran 21 jobs.

Commit Message

Ma Ke July 10, 2024, 10:33 a.m. UTC
In read_handle(), of_get_address() may return NULL which is later
dereferenced. Fix this by adding NULL check.

Cc: stable@vger.kernel.org
Fixes: 14baf4d9c739 ("cxl: Add guest-specific code")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
Changes in v2:
- The potential vulnerability was discovered as follows: based on our 
customized static analysis tool, extract vulnerability features[1], and 
then match similar vulnerability features in this function.
- Reference link:
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2d9adecc88ab678785b581ab021f039372c324cb
---
 drivers/misc/cxl/of.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Greg Kroah-Hartman July 10, 2024, 10:59 a.m. UTC | #1
On Wed, Jul 10, 2024 at 06:33:52PM +0800, Ma Ke wrote:
> In read_handle(), of_get_address() may return NULL which is later
> dereferenced. Fix this by adding NULL check.
> 
> Cc: stable@vger.kernel.org
> Fixes: 14baf4d9c739 ("cxl: Add guest-specific code")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> Changes in v2:
> - The potential vulnerability was discovered as follows: based on our 
> customized static analysis tool, extract vulnerability features[1], and 
> then match similar vulnerability features in this function.

You need to follow the rules outlined in
Documentation/process/researcher-guidelines.rst when doing stuff like
this.  Otherwise all of your patches will have to be rejected.

Please fix up the changelog text of all of the patches you have
submitted recently to follow those rules.

thanks,

greg k-h

Markus Elfring July 10, 2024, 1:05 p.m. UTC | #2
> - The potential vulnerability was discovered as follows: based on our
> customized static analysis tool,

I became curious in which time range further corresponding information will be published.


>                                  extract vulnerability features[1],

Various software corrections were published through the years.

Several error (or weakness) categories are known already.
https://cwe.mitre.org/
https://wiki.sei.cmu.edu/confluence/display/c/


> and then match similar vulnerability features in this function.
> - Reference link:
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2d9adecc88ab678785b581ab021f039372c324cb

Another reference format can be helpful also for the commit c534b63bede6cb987c2946ed4d0b0013a52c5ba7
("drm: vc4: Fix possible null pointer dereference") from 2024-04-15.

Regards,
Markus

Patch

diff --git a/drivers/misc/cxl/of.c b/drivers/misc/cxl/of.c
index bcc005dff1c0..d8dbb3723951 100644
--- a/drivers/misc/cxl/of.c
+++ b/drivers/misc/cxl/of.c
@@ -58,7 +58,7 @@  static int read_handle(struct device_node *np, u64 *handle)
 
 	/* Get address and size of the node */
 	prop = of_get_address(np, 0, &size, NULL);
-	if (size)
+	if (!prop || size)
 		return -EINVAL;
 
 	/* Helper to read a big number; size is in cells (not bytes) */
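Review bot: The new condition `if (!prop || size)` only avoids reading `size` in the failure case because `!prop` is evaluated first, and that dependency deserves a comment or a separate `if (!prop) return -EINVAL;` ahead of the size test. `size` is written through the `&size` out-parameter of the `of_get_address()` call on the line above, and nothing visible in this hunk shows it being initialised when that call returns NULL, so a later reordering of the operands could turn the check into a read of an unset value. Separately, the changelog says `prop` is "later dereferenced", but the dereference lies beyond the trailing context shown here; naming the statement that dereferences it in the commit message would let the fix be confirmed from the patch alone. Both failure cases also return the same -EINVAL, so a caller cannot tell a missing address from a non-zero size; if that distinction matters to callers, it is worth saying so in the changelog.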