From: Colin Ian King <[email protected]>
There are calls to idxd_cmd_exec that pass a null status pointer however
a recent commit has added an assignment to *status that can end up
with a null pointer dereference. The function expects a null status
pointer sometimes as there is a later assignment to *status where
status is first null checked. Fix the issue by null checking status
before making the assignment.
Addresses-Coverity: ("Explicit null dereferenced")
Fixes: 89e3becd8f82 ("dmaengine: idxd: check device state before issue command")
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/dma/idxd/device.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/dma/idxd/device.c b/drivers/dma/idxd/device.c
index 31c819544a22..78d2dc5e9bd8 100644
--- a/drivers/dma/idxd/device.c
+++ b/drivers/dma/idxd/device.c
@@ -451,7 +451,8 @@ static void idxd_cmd_exec(struct idxd_device *idxd, int cmd_code, u32 operand,
if (idxd_device_is_halted(idxd)) {
dev_warn(&idxd->pdev->dev, "Device is HALTED!\n");
- *status = IDXD_CMDSTS_HW_ERR;
+ if (status)
+ *status = IDXD_CMDSTS_HW_ERR;
return;
}
--
2.30.2
On 4/15/2021 4:06 AM, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> There are calls to idxd_cmd_exec that pass a null status pointer however
> a recent commit has added an assignment to *status that can end up
> with a null pointer dereference. The function expects a null status
> pointer sometimes as there is a later assignment to *status where
> status is first null checked. Fix the issue by null checking status
> before making the assignment.
>
> Addresses-Coverity: ("Explicit null dereferenced")
> Fixes: 89e3becd8f82 ("dmaengine: idxd: check device state before issue command")
> Signed-off-by: Colin Ian King <[email protected]>
Acked-by: Dave Jiang <[email protected]>
Thanks!
> ---
> drivers/dma/idxd/device.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/dma/idxd/device.c b/drivers/dma/idxd/device.c
> index 31c819544a22..78d2dc5e9bd8 100644
> --- a/drivers/dma/idxd/device.c
> +++ b/drivers/dma/idxd/device.c
> @@ -451,7 +451,8 @@ static void idxd_cmd_exec(struct idxd_device *idxd, int cmd_code, u32 operand,
>
> if (idxd_device_is_halted(idxd)) {
> dev_warn(&idxd->pdev->dev, "Device is HALTED!\n");
> - *status = IDXD_CMDSTS_HW_ERR;
> + if (status)
> + *status = IDXD_CMDSTS_HW_ERR;
> return;
> }
>
On 15-04-21, 12:06, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> There are calls to idxd_cmd_exec that pass a null status pointer however
> a recent commit has added an assignment to *status that can end up
> with a null pointer dereference. The function expects a null status
> pointer sometimes as there is a later assignment to *status where
> status is first null checked. Fix the issue by null checking status
> before making the assignment.
Applied, thanks
--
~Vinod