Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3534508pxb; Mon, 24 Jan 2022 11:37:19 -0800 (PST) X-Google-Smtp-Source: ABdhPJwy40RQjIx7c44FQLGjY2fcKmeFoi29A72sT4a17wIYjcJbx8ChQYFYeyxaZU7dp3b5aqWP X-Received: by 2002:a63:1e1b:: with SMTP id e27mr12652669pge.348.1643053038893; Mon, 24 Jan 2022 11:37:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643053038; cv=none; d=google.com; s=arc-20160816; b=hONwRGQp9X8lCGG81c+NRWEjp47X3lqXqWJI0p4lZjNscgY9jasM6nn4Ltk/5poOlG aoxVgrZ8kyWncgU+1IaHjiW1h8Eank89YHq4m2tjUyDpAVH/LjqBSNhQUQHkOuGVvBUc e6pRMqmFbTKdeRCM09qndaM64XiJnZ/8MVibu1fJVlRY5qQn4lXabxBa/8vOvmHHkO2R UUHSs2UW8qtaicqvaz33g7RKxwNm2POoSOX2TosD590vtwDTUwJw/zTjgClKdekIRoYx Mt3ZeOBXK2BvOTKFjwoXEDfez/21rn1Irba0kk0HxiY+kM+iTgrkK7gauFNLP4ypXn2e H8vQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature:dkim-filter :dmarc-filter; bh=ZjxyaAEg9dgyhIAkpzzAptxU/LU+QVbkLgcz/aYUJL0=; b=Rfz8F+Kg7yOvUS7IfGPL3UvxrPxeTpcmnLGRiMm4snD0FLbPsawDgCJ6F7XMhBcRiE t6EGI8dgsVeTM+56tN3Els0nmysXvr7mOw/bdLHaDUWjJybTgioQA2H8z8nUoa05O9VJ Q3SmG0W+cGnichcxduQ0gW/kn7qZOcWn+kx6ZIJ1EFmQ5jkFgQjZIBOIdfB4goHPudDp IBgLlj9gbqwMEbqZ94ZthNdN5zh4CoPottl1okL1TVUinjlq4o/QU+xP0rZYSwVPk3NY oascoju1mvGxXN6lyF++7y1yQvRK6neVzWj/mLB7HAb2NDyRjINYe94g1j83HS3nksKb tVcA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=VirmN0SO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=umn.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c194si1989295pfc.79.2022.01.24.11.37.06; Mon, 24 Jan 2022 11:37:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=VirmN0SO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=umn.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243800AbiAXQln (ORCPT + 99 others); Mon, 24 Jan 2022 11:41:43 -0500 Received: from mta-p8.oit.umn.edu ([134.84.196.208]:52498 "EHLO mta-p8.oit.umn.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241174AbiAXQlm (ORCPT ); Mon, 24 Jan 2022 11:41:42 -0500 Received: from localhost (unknown [127.0.0.1]) by mta-p8.oit.umn.edu (Postfix) with ESMTP id 4JjG393q2Rz9vKMM for ; Mon, 24 Jan 2022 16:41:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at umn.edu Received: from mta-p8.oit.umn.edu ([127.0.0.1]) by localhost (mta-p8.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LyBRGfAocl05 for ; Mon, 24 Jan 2022 10:41:41 -0600 (CST) Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p8.oit.umn.edu (Postfix) with ESMTPS id 4JjG391gYlz9vKMN for ; Mon, 24 Jan 2022 10:41:41 -0600 (CST) DMARC-Filter: OpenDMARC Filter v1.3.2 mta-p8.oit.umn.edu 4JjG391gYlz9vKMN DKIM-Filter: OpenDKIM Filter v2.11.0 mta-p8.oit.umn.edu 4JjG391gYlz9vKMN Received: by mail-pl1-f197.google.com with SMTP id p17-20020a170903249100b0014af06caa65so3598938plw.6 for ; Mon, 24 Jan 2022 08:41:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ZjxyaAEg9dgyhIAkpzzAptxU/LU+QVbkLgcz/aYUJL0=; b=VirmN0SOTo8kwAsb6NJ8f0My6angxwwfXPytMw1MiWvZSTJvH+k60e1XJyHLwmUJ8I gb0dYxOJhTRm6FHSjRNj1F6BYyfFQ8+rziWRzJ00cmkMG234HWQcyUGZn5QJtTbt/0x5 WbHHVlcfwvqCi20uI+e6uqC7Qe1Eo2tLyk+amiDmu4D5peJpc9psf3Irx6gq3vG41A0C FIAlbksV75hxBifi+VXqDsxG/vbBE68AVFX6uEYDWAe+mYQwZ8A+Pc4O0JHjfAlsM/mJ 4xTil0FcCZpFLqjqcbEgxhd0Ryw/MGyG3tq1qmv37KkJPwdGE8iTmytU4kXKL8ky7oxJ COMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ZjxyaAEg9dgyhIAkpzzAptxU/LU+QVbkLgcz/aYUJL0=; b=y3LlT+90Csz3CPhwC4SoMSVtaz/6jUaWccUIU/yUbrEHNmlZfDnxmRBma7t8JXlKkW a3ABoaypQcTBtH9t16Tp2QpcJY5GkDnYZlpJtV5LlFnDHSUPjA9p/0g5uZ/LS2ZYnSsv Cayv2S2FnfX93/KmlkYX1AR1K78dNM9u/lMNN/CTh2KHT/DPGt4L6MzH1vOT/7n9Zl6/ yHZ6Fdrt7ygYVAQnbknXqesVGitCpc6XJIpOH6YGejII0y1yj2HC61ZgHqflZIO7cavt xlAUO9+c5ZGZ2C7G/q069uvdnbllYQwKz/RJSq5yEBALIbW3cem6ElCh5sbL0n3fFvH0 7SFQ== X-Gm-Message-State: AOAM530ahC/yqpW1Notoh8COs9GuBcGHRTdfftFdx/j7AnZhDfc6s8Dx 40LaRhw+BbqfYPXa8Mat7Fpf0/+PIWgeexMVtsbtIeT1vWMFDPEOoZCgrvIYbfGMeS+/hwquEkC +SbTa61vO26QAV/fXYU9CD4+cNTt2 X-Received: by 2002:a17:90a:3f09:: with SMTP id l9mr2728753pjc.38.1643042500403; Mon, 24 Jan 2022 08:41:40 -0800 (PST) X-Received: by 2002:a17:90a:3f09:: with SMTP id l9mr2728731pjc.38.1643042500108; Mon, 24 Jan 2022 08:41:40 -0800 (PST) Received: from zqy787-GE5S.lan ([36.4.61.248]) by smtp.gmail.com with ESMTPSA id my11sm11680862pjb.35.2022.01.24.08.41.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 Jan 2022 08:41:39 -0800 (PST) From: Zhou Qingyang To: zhou1615@umn.edu Cc: kjlu@umn.edu, "Rafael J. Wysocki" , Len Brown , Lv Zheng , linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] ACPI: OSL: Fix a NULL pointer dereference in extlog_init(). Date: Tue, 25 Jan 2022 00:41:34 +0800 Message-Id: <20220124164134.52046-1-zhou1615@umn.edu> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In extlog_init(), acpi_os_map_iomem() is assigned to extlog_l1_hdr and there is a dereference of it through l1_head. on the failure of acpi_os_map_iomem(), the return value of it could be NULL, which may introduce a NULL pointer dereference. Fix this bug by adding a NULL check of extlog_l1_hdr. This bug was found by a static analyzer. Builds with 'make allyesconfig' show no new warnings, and our static analyzer no longer warns about this code. Fixes: a238317ce818 ("ACPI: Clean up acpi_os_map/unmap_memory() to eliminate __iomem.") Signed-off-by: Zhou Qingyang --- The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug. drivers/acpi/acpi_extlog.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/acpi/acpi_extlog.c b/drivers/acpi/acpi_extlog.c index 72f1fb77abcd..2187ac23d3d4 100644 --- a/drivers/acpi/acpi_extlog.c +++ b/drivers/acpi/acpi_extlog.c @@ -239,6 +239,12 @@ static int __init extlog_init(void) } extlog_l1_hdr = acpi_os_map_iomem(l1_dirbase, l1_hdr_size); + if (!extlog_l1_hdr) { + rc = -ENOMEM; + release_mem_region(l1_dirbase, l1_hdr_size); + goto err; + } + l1_head = (struct extlog_l1_head *)extlog_l1_hdr; l1_size = l1_head->total_len; l1_percpu_entry = l1_head->entries; -- 2.25.1