From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Zhou Qingyang, Dominik Brodowski, Sasha Levin
Subject: [PATCH 4.4 035/114] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
Date: Mon, 24 Jan 2022 19:42:10 +0100
Message-Id: <20220124183928.201248888@linuxfoundation.org>
In-Reply-To: <20220124183927.095545464@linuxfoundation.org>

From: Zhou Qingyang

[ Upstream commit 977d2e7c63c3d04d07ba340b39987742e3241554 ]

In nonstatic_find_mem_region(), pcmcia_make_resource() is assigned to
res and used in pci_bus_alloc_resource(). There is a dereference of res
in pci_bus_alloc_resource(), which could lead to a NULL pointer
dereference on failure of pcmcia_make_resource().

Fix this bug by adding a check of res.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_PCCARD_NONSTATIC=y show no new warnings,
and our static analyzer no longer warns about this code.

Fixes: 49b1153adfe1 ("pcmcia: move all pcmcia_resource_ops providers into one module")
Signed-off-by: Zhou Qingyang
Signed-off-by: Dominik Brodowski
Signed-off-by: Sasha Levin
---
 drivers/pcmcia/rsrc_nonstatic.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/pcmcia/rsrc_nonstatic.c b/drivers/pcmcia/rsrc_nonstatic.c index 4d244014f423f..2e96d9273b780 100644 --- a/drivers/pcmcia/rsrc_nonstatic.c +++ b/drivers/pcmcia/rsrc_nonstatic.c @@ -815,6 +815,9 @@ static struct resource *nonstatic_find_mem_region(u_long base, u_long num, unsigned long min, max; int ret, i, j; + if (!res) + return NULL; + low = low || !(s->features & SS_CAP_PAGE_REGS); data.mask = align - 1; -- 2.34.1
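
Review bot: the added `if (!res) return NULL;` in nonstatic_find_mem_region() fails silently and reuses a bare NULL return, so a caller cannot distinguish a failed pcmcia_make_resource() allocation from any other reason the function yields no region. For a three-line stable backport that is a reasonable trade-off, but the callers are not visible in this hunk, so it is worth confirming that each of them already treats a NULL result as an error before relying on this path. The placement itself looks right as far as the context shows: the check sits directly after the local declarations and before `low = low || !(s->features & SS_CAP_PAGE_REGS);`, so nothing has been set up yet that would need unwinding on the early return. A one-line comment saying that res comes from pcmcia_make_resource() and may be NULL would help readers, since the assignment lies outside the visible context.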