A NULL pointer can be returned by vmci_ctx_get(). Thus add a
corresponding check so that a NULL pointer dereference will
be avoided when acquiring a lock in spin_lock.
Signed-off-by: Xiyu Yang <[email protected]>
Signed-off-by: Xin Tan <[email protected]>
---
drivers/misc/vmw_vmci/vmci_context.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/misc/vmw_vmci/vmci_context.c b/drivers/misc/vmw_vmci/vmci_context.c
index 16695366ec92..a20878fba374 100644
--- a/drivers/misc/vmw_vmci/vmci_context.c
+++ b/drivers/misc/vmw_vmci/vmci_context.c
@@ -898,6 +898,8 @@ void vmci_ctx_rcv_notifications_release(u32 context_id,
bool success)
{
struct vmci_ctx *context = vmci_ctx_get(context_id);
+ if (context == NULL)
+ return;
spin_lock(&context->lock);
if (!success) {
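Review bot: the early return at `+ if (context == NULL)` / `+ return;` silently skips the whole body, including the `if (!success) {` path below the `spin_lock(&context->lock);` it guards, so a lookup failure here is indistinguishable from a normal release; since the function is void, either add a comment stating that a NULL from vmci_ctx_get() is an expected condition at this point (the context going away between the caller's lookup and this one) or make the return a `WARN_ON_ONCE()`-style diagnostic so a caller bug does not get masked. On style, kernel code writes this as `if (!context)` rather than a comparison to NULL, and a blank line belongs between the `struct vmci_ctx *context = vmci_ctx_get(context_id);` declaration and the new statement; checkpatch.pl reports both.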
--
2.7.4
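The pattern the commit message describes, as an added example in C that is not the vmw_vmci driver's code: a toy, single-threaded model of an id-addressed, reference-counted context table in the style of vmci_ctx_get(), with a release path that checks the lookup result before taking the lock, drops the reference it took on every exit, and hands the notifications back on the `!success` path. The names (ctx_table, ctx_get, ctx_put, ctx_create, rcv_notifications_release, the return codes) and the layout of struct ctx are assumptions made for the example; the lock is an atomic_flag standing in for spinlock_t. It also shows the case Greg asks about: the owner dropping its reference between one lookup and the next, which is exactly when the second get returns NULL.

```c
/* Added example, not the vmw_vmci driver code. All names are hypothetical. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CTX 4
#define CTX_ID_INVALID 0u

struct ctx {
    uint32_t id;
    int refcount;               /* 0 means the slot is free */
    atomic_flag lock;           /* stands in for spinlock_t */
    int pending_notifications;  /* notifications not yet delivered */
};

static struct ctx ctx_table[MAX_CTX];

static void ctx_lock(struct ctx *c)   { while (atomic_flag_test_and_set(&c->lock)) ; }
static void ctx_unlock(struct ctx *c) { atomic_flag_clear(&c->lock); }

/* Look up a live context by id and take a reference; NULL if it is gone. */
static struct ctx *ctx_get(uint32_t id)
{
    for (size_t i = 0; i < MAX_CTX; i++) {
        if (ctx_table[i].refcount > 0 && ctx_table[i].id == id) {
            ctx_table[i].refcount++;
            return &ctx_table[i];
        }
    }
    return NULL;
}

/* Drop a reference; the slot becomes free when the last one goes. */
static void ctx_put(struct ctx *c)
{
    if (--c->refcount == 0)
        c->id = CTX_ID_INVALID;
}

/* Create a context whose single initial reference belongs to its owner. */
static struct ctx *ctx_create(uint32_t id)
{
    for (size_t i = 0; i < MAX_CTX; i++) {
        if (ctx_table[i].refcount == 0) {
            ctx_table[i].id = id;
            ctx_table[i].refcount = 1;
            atomic_flag_clear(&ctx_table[i].lock);
            ctx_table[i].pending_notifications = 0;
            return &ctx_table[i];
        }
    }
    return NULL;
}

enum release_result { RELEASE_OK, RELEASE_NO_CONTEXT, RELEASE_RESTORED };

/* Hardened release path: check the lookup before touching the lock, and
 * balance the reference taken by ctx_get() on every exit. */
static enum release_result rcv_notifications_release(uint32_t id, int count, bool success)
{
    struct ctx *c = ctx_get(id);
    enum release_result r = RELEASE_OK;

    if (!c)
        return RELEASE_NO_CONTEXT;  /* nothing to lock, nothing to put */

    ctx_lock(c);
    if (!success)
        c->pending_notifications += count, r = RELEASE_RESTORED;
    ctx_unlock(c);
    ctx_put(c);
    return r;
}

/* Read-only peeks used by the demonstration and the checks below. */
static int ctx_refcount(uint32_t id)
{
    struct ctx *c = ctx_get(id);
    int n = c ? c->refcount - 1 : 0;  /* subtract the reference we just took */
    if (c)
        ctx_put(c);
    return n;
}

static int ctx_pending(uint32_t id)
{
    struct ctx *c = ctx_get(id);
    int n = c ? c->pending_notifications : -1;
    if (c)
        ctx_put(c);
    return n;
}

int main(void)
{
    struct ctx *owner = ctx_create(7);
    printf("release ok: %d\n", rcv_notifications_release(7, 2, true));
    printf("release failed, restored: %d (pending %d)\n",
           rcv_notifications_release(7, 3, false), ctx_pending(7));
    ctx_put(owner);  /* owner goes away; the id is now stale */
    printf("release on stale id: %d\n", rcv_notifications_release(7, 1, false));
    return 0;
}
```

The two reads in main() are the point of the example: with the owner's reference still held, every release balances its get with a put and the refcount returns to 1; once the owner has dropped its reference, the same id yields NULL from ctx_get() and the release returns without ever touching the lock.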
On Tue, Mar 17, 2020 at 12:36:47AM +0800, Xiyu Yang wrote:
> A NULL pointer can be returned by vmci_ctx_get(). Thus add a
> corresponding check so that a NULL pointer dereference will
> be avoided when acquiring a lock in spin_lock.
>
> Signed-off-by: Xiyu Yang <[email protected]>
> Signed-off-by: Xin Tan <[email protected]>
> ---
> drivers/misc/vmw_vmci/vmci_context.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/misc/vmw_vmci/vmci_context.c b/drivers/misc/vmw_vmci/vmci_context.c
> index 16695366ec92..a20878fba374 100644
> --- a/drivers/misc/vmw_vmci/vmci_context.c
> +++ b/drivers/misc/vmw_vmci/vmci_context.c
> @@ -898,6 +898,8 @@ void vmci_ctx_rcv_notifications_release(u32 context_id,
> bool success)
> {
> struct vmci_ctx *context = vmci_ctx_get(context_id);
> + if (context == NULL)
> + return;
But, if you look at the code, context_id is guaranteed to point to a
valid context, right? Or can this somehow get dropped between the last
"get" and this one?
Anyway, the coding style is wrong here, always run checkpatch.pl on your
patches please.
thanks,
greg k-h