Date: Mon, 10 May 2021 16:36:41 +0200
From: Greg Kroah-Hartman
To: Tong Zhang
Cc: Arnd Bergmann, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
In-Reply-To: <20210426220728.1230340-1-ztong0001@gmail.com>

On Mon, Apr 26, 2021 at 06:07:27PM -0400, Tong Zhang wrote:
> the PCI bridge might be NULL, so we'd better check before use it
>
> [ 1.246492] BUG: kernel NULL pointer dereference, address: 00000000000000c0
> [ 1.248731] RIP: 0010:pci_read_config_byte+0x5/0x40
> [ 1.253998] Call Trace:
> [ 1.254131] ? alcor_pci_find_cap_offset.isra.0+0x3a/0x100 [alcor_pci]
> [ 1.254476] alcor_pci_probe+0x169/0x2d5 [alcor_pci]
>
> Signed-off-by: Tong Zhang
> ---
> drivers/misc/cardreader/alcor_pci.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/misc/cardreader/alcor_pci.c b/drivers/misc/cardreader/alcor_pci.c
> index cd402c89189e..1c33453fd5c7 100644
> --- a/drivers/misc/cardreader/alcor_pci.c
> +++ b/drivers/misc/cardreader/alcor_pci.c
> @@ -102,6 +102,9 @@ static int alcor_pci_find_cap_offset(struct alcor_pci_priv *priv,
> u8 val8;
> u32 val32;
>
> + if (!pci)
> + return 0;
> +
> where = ALCOR_CAP_START_OFFSET;
> pci_read_config_byte(pci, where, &val8);
> if (!val8)
> --
> 2.25.1
>

I do not understand, how can pci ever be NULL?

There is only 1 way this function can be called, and it's through the alcor_pci_probe() call, which should have always set up the parent and pci pointers that get passed to this function. How can that not happen?

If it can happen, then something earlier than this should be fixed instead of papering over the root problem here.

How did you duplicate the crash you list above?

thanks,

greg k-h
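
Review bot: The `if (!pci) return 0;` guard at the top of alcor_pci_find_cap_offset() handles the NULL bridge at the point of the crash rather than where the pointer is obtained. The quoted trace shows the call arriving from alcor_pci_probe(), so the missing-bridge case would be better detected there, before the capability lookup is attempted, with an explicit decision to either fail the probe or skip the lookup. Returning 0 from this helper also leaves the caller unable to tell "no bridge" apart from whatever else a 0 return means to it. The commit message should state on what setup the device has no PCI bridge and how the trace was produced, and it carries no Fixes: tag.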