Date: Thu, 8 Aug 2019 18:51:40 +0530
From: Vinod Koul
To: Jia-Ju Bai
Cc: dan.j.williams@intel.com, dmaengine@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] dma: mv_xor: Fix a possible null-pointer dereference in mv_xor_prep_dma_xor()
Message-ID: <20190808132140.GZ12733@vkoul-mobl.Dlink>
In-Reply-To: <20190727093027.11781-1-baijiaju1990@gmail.com>

On 27-07-19, 17:30, Jia-Ju Bai wrote:
> In mv_xor_prep_dma_xor(), there is an if statement on line 577 to check
> whether sw_desc is NULL:
> if (sw_desc)
>
> When sw_desc is NULL, it is used on line 594:
> dev_dbg(..., sw_desc, &sw_desc->async_tx);
>
> Thus, a possible null-pointer dereference may occur.
>
> To fix this bug, sw_desc is checked before being used.
>
> This bug is found by a static analysis tool STCheck written by us.
>
> Signed-off-by: Jia-Ju Bai
> ---
> drivers/dma/mv_xor.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/dma/mv_xor.c b/drivers/dma/mv_xor.c
> index 0ac8e7b34e12..08c0b2a9eb32 100644
> --- a/drivers/dma/mv_xor.c
> +++ b/drivers/dma/mv_xor.c
> @@ -589,9 +589,11 @@ mv_xor_prep_dma_xor(struct dma_chan *chan, dma_addr_t dest, dma_addr_t *src,
> }
> }
>
> - dev_dbg(mv_chan_to_devp(mv_chan),
> - "%s sw_desc %p async_tx %p \n",
> - __func__, sw_desc, &sw_desc->async_tx);
> + if (sw_desc) {
> + dev_dbg(mv_chan_to_devp(mv_chan),
> + "%s sw_desc %p async_tx %p \n",
> + __func__, sw_desc, &sw_desc->async_tx);
> + }

why not move this into the preceding if condition?

> return sw_desc ? &sw_desc->async_tx : NULL;
> }
>
> --
> 2.17.0

--
~Vinod
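
Review bot: the added `if (sw_desc) {` around the dev_dbg() call is a second NULL test on a pointer that, per the commit message, is already tested by `if (sw_desc)` at line 577, and the unchanged `return sw_desc ? &sw_desc->async_tx : NULL;` right after it tests it a third time. Placing the dev_dbg() at the end of the existing block, or returning NULL early when no descriptor was obtained, leaves one check and one place to audit. The commit message should also describe the defect more precisely: `&sw_desc->async_tx` only computes a member address and dev_dbg() prints it with `%p`, so nothing in the visible lines loads through sw_desc, and "possible null-pointer dereference" overstates what line 594 does. With this change the NULL path produces no debug output at all, so if that trace is wanted for diagnosing descriptor exhaustion, log the failure explicitly there. The format string keeps its trailing space before the newline (`%p \n`), which could be dropped while the lines are being re-indented.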