LinuxLists.cc - [PATCH] USB: host: isp116x: check return value after calling platform_get

2022-03-02 07:06:24

Subject: [PATCH] USB: host: isp116x: check return value after calling platform_get_resource()

It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.

Signed-off-by: Zhen Ni <[email protected]>
---
drivers/usb/host/isp116x-hcd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/host/isp116x-hcd.c b/drivers/usb/host/isp116x-hcd.c
index 8835f6bd528e..8c7f0991c21b 100644
--- a/drivers/usb/host/isp116x-hcd.c
+++ b/drivers/usb/host/isp116x-hcd.c
@@ -1541,10 +1541,12 @@ static int isp116x_remove(struct platform_device *pdev)

iounmap(isp116x->data_reg);
res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
- release_mem_region(res->start, 2);
+ if (res)
+ release_mem_region(res->start, 2);
iounmap(isp116x->addr_reg);
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- release_mem_region(res->start, 2);
+ if (res)
+ release_mem_region(res->start, 2);

usb_put_hcd(hcd);
return 0;
--
2.20.1

2022-06-06 04:03:13

by Geert Uytterhoeven

[permalink] [raw]

Subject: Re: [PATCH] USB: host: isp116x: check return value after calling platform_get_resource()

Hi Zhen,

On Wed, Mar 2, 2022 at 11:38 PM Zhen Ni <[email protected]> wrote:
> It will cause null-ptr-deref if platform_get_resource() returns NULL,
> we need check the return value.
>
> Signed-off-by: Zhen Ni <[email protected]>

Thanks for your patch, which is now commit 134a3408c2d3f7e2
("USB: host: isp116x: check return value after calling
platform_get_resource()") upstream.

> --- a/drivers/usb/host/isp116x-hcd.c
> +++ b/drivers/usb/host/isp116x-hcd.c
> @@ -1541,10 +1541,12 @@ static int isp116x_remove(struct platform_device *pdev)
>
> iounmap(isp116x->data_reg);
> res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
> - release_mem_region(res->start, 2);
> + if (res)
> + release_mem_region(res->start, 2);
> iounmap(isp116x->addr_reg);
> res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> - release_mem_region(res->start, 2);
> + if (res)
> + release_mem_region(res->start, 2);
>
> usb_put_hcd(hcd);
> return 0;

Please note that platform_get_resource() cannot return NULL here,
as this is the .remove() callback. If we get here, .probe() has
already verified the pointers.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds