Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3326098pxf; Mon, 5 Apr 2021 09:05:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJytptT7rrSb6TxuwMoECzPLhz8tNfh0NvOhUZ0jOoo4cvZHew4te9yRd82M1Aw3wTiqUDxA X-Received: by 2002:a1c:9dcf:: with SMTP id g198mr15886104wme.161.1617638751401; Mon, 05 Apr 2021 09:05:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617638751; cv=none; d=google.com; s=arc-20160816; b=MZ3G0mAO/jZuBF3cA/PfXjh47bLizfzGhVv3FmRxeP1f1v8waeeKeJEDJEmxs08JS/ IoofDdu/P/++uFb3qU5Hca420s502ttW3jl652qy1hz/+6lesEDeb3xuNAecERlCOdam Jkkrml5Mq1DPK4xVXogmhSwkmTBwRl9b3//Qd+pmif0batD6PrVVTOjtqy8BOoi+Wvbr hSzz6CiTYv+jSXDTPZNTNd8gaHW/dvoGe657ZEUMxekzHYXll1dRlXU+o5WSKNRex2HA 0mO2KBmc9GET+WO8LJtcg9952rkMmfrTNGAB3dEfr6ghI8C8DKC1GCkKursBYZkSGEfh CvJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=QZaYXgfLOGEk6BiHyga3ug5jqYCxsP77XGULT7GjhIo=; b=cZusnqLQO+hzqSmdDj4cCItz9m5AlnApnJ3GFb+41cTXm7GK+AFNu9IELqkGhe+ymn zRYYkhKtSDJrPswRXiJkrHuAAxBZuernRMvuvUdU9FWPw4O9Y8no78ygFcwRpPj0iQ2P 6J8cUQ7BOv/p8XIFPoZWb71B6+s0qJGfRKIlqkvuUe8oT9nMo0lgn7OEhSJt7KMAGX6E Vk/Lp+6Z598Iq/A1FG5P0BS5DlgKb3fPmIB/mnAY/d6KexefUm3aldanCLgxRBpLYmra wu5lK+V4imvJi9DYr3qvUQ/a9zt8GLJuzSfwJuTVeN3ixQEJm3NrTHg60q55zo1NwUnJ xDvg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=s2IOM19G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v23si2804776ejb.619.2021.04.05.09.05.26; Mon, 05 Apr 2021 09:05:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=s2IOM19G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238720AbhDEJKc (ORCPT + 99 others); Mon, 5 Apr 2021 05:10:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:53186 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238390AbhDEJIE (ORCPT ); Mon, 5 Apr 2021 05:08:04 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 9925D613AC; Mon, 5 Apr 2021 09:07:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1617613677; bh=aDzj3goqQpxKghqWKcK35KB5t5dz8Pg3QrQHXyAMesg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=s2IOM19GCaxHAeUoTAxOrCEN73elCjPOeIn0xx006vFK2npoNmDdTrkYJDS5tL0Ij O+7/B7KGduItVIMFwtAwc/MnCG01QKY9kyL3OlMaeW/UoOctkWIySBYzBYr3MV7875 3QW8Nkx2Bc9on9EBl3wgjnohf9CAhlrLD3szoGaY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Tong Zhang , "David S. Miller" , Sasha Levin Subject: [PATCH 5.10 052/126] net: wan/lmc: unregister device when no matching device is found Date: Mon, 5 Apr 2021 10:53:34 +0200 Message-Id: <20210405085032.754794534@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210405085031.040238881@linuxfoundation.org> References: <20210405085031.040238881@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tong Zhang [ Upstream commit 62e69bc419772638369eff8ff81340bde8aceb61 ] lmc set sc->lmc_media pointer when there is a matching device. However, when no matching device is found, this pointer is NULL and the following dereference will result in a null-ptr-deref. To fix this issue, unregister the hdlc device and return an error. [ 4.569359] BUG: KASAN: null-ptr-deref in lmc_init_one.cold+0x2b6/0x55d [lmc] [ 4.569748] Read of size 8 at addr 0000000000000008 by task modprobe/95 [ 4.570102] [ 4.570187] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc7 #94 [ 4.570527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda519-preb4 [ 4.571125] Call Trace: [ 4.571261] dump_stack+0x7d/0xa3 [ 4.571445] kasan_report.cold+0x10c/0x10e [ 4.571667] ? lmc_init_one.cold+0x2b6/0x55d [lmc] [ 4.571932] lmc_init_one.cold+0x2b6/0x55d [lmc] [ 4.572186] ? lmc_mii_readreg+0xa0/0xa0 [lmc] [ 4.572432] local_pci_probe+0x6f/0xb0 [ 4.572639] pci_device_probe+0x171/0x240 [ 4.572857] ? pci_device_remove+0xe0/0xe0 [ 4.573080] ? kernfs_create_link+0xb6/0x110 [ 4.573315] ? sysfs_do_create_link_sd.isra.0+0x76/0xe0 [ 4.573598] really_probe+0x161/0x420 [ 4.573799] driver_probe_device+0x6d/0xd0 [ 4.574022] device_driver_attach+0x82/0x90 [ 4.574249] ? device_driver_attach+0x90/0x90 [ 4.574485] __driver_attach+0x60/0x100 [ 4.574694] ? device_driver_attach+0x90/0x90 [ 4.574931] bus_for_each_dev+0xe1/0x140 [ 4.575146] ? subsys_dev_iter_exit+0x10/0x10 [ 4.575387] ? klist_node_init+0x61/0x80 [ 4.575602] bus_add_driver+0x254/0x2a0 [ 4.575812] driver_register+0xd3/0x150 [ 4.576021] ? 0xffffffffc0018000 [ 4.576202] do_one_initcall+0x84/0x250 [ 4.576411] ? trace_event_raw_event_initcall_finish+0x150/0x150 [ 4.576733] ? unpoison_range+0xf/0x30 [ 4.576938] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 [ 4.577219] ? unpoison_range+0xf/0x30 [ 4.577423] ? unpoison_range+0xf/0x30 [ 4.577628] do_init_module+0xf8/0x350 [ 4.577833] load_module+0x3fe6/0x4340 [ 4.578038] ? vm_unmap_ram+0x1d0/0x1d0 [ 4.578247] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 [ 4.578526] ? module_frob_arch_sections+0x20/0x20 [ 4.578787] ? __do_sys_finit_module+0x108/0x170 [ 4.579037] __do_sys_finit_module+0x108/0x170 [ 4.579278] ? __ia32_sys_init_module+0x40/0x40 [ 4.579523] ? file_open_root+0x200/0x200 [ 4.579742] ? do_sys_open+0x85/0xe0 [ 4.579938] ? filp_open+0x50/0x50 [ 4.580125] ? exit_to_user_mode_prepare+0xfc/0x130 [ 4.580390] do_syscall_64+0x33/0x40 [ 4.580586] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 4.580859] RIP: 0033:0x7f1a724c3cf7 [ 4.581054] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f7 48 89 d6 48 891 [ 4.582043] RSP: 002b:00007fff44941c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 4.582447] RAX: ffffffffffffffda RBX: 00000000012ada70 RCX: 00007f1a724c3cf7 [ 4.582827] RDX: 0000000000000000 RSI: 00000000012ac9e0 RDI: 0000000000000003 [ 4.583207] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001 [ 4.583587] R10: 00007f1a72527300 R11: 0000000000000246 R12: 00000000012ac9e0 [ 4.583968] R13: 0000000000000000 R14: 00000000012acc90 R15: 0000000000000001 [ 4.584349] ================================================================== Signed-off-by: Tong Zhang Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/wan/lmc/lmc_main.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wan/lmc/lmc_main.c b/drivers/net/wan/lmc/lmc_main.c index 36600b0a0ab0..1ee4c8a90632 100644 --- a/drivers/net/wan/lmc/lmc_main.c +++ b/drivers/net/wan/lmc/lmc_main.c @@ -901,6 +901,8 @@ static int lmc_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) break; default: printk(KERN_WARNING "%s: LMC UNKNOWN CARD!\n", dev->name); + unregister_hdlc_device(dev); + return -EIO; break; } -- 2.30.1