Received: by 2002:a05:6602:2086:0:0:0:0 with SMTP id a6csp3562799ioa; Tue, 26 Apr 2022 06:09:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwBqNgRt4ZMCmfmoCKUvO5uNj8i4bwAhuYE9ka6uF1Jbr3cHda2fbcnuDiPp0lkfw+I4/oc X-Received: by 2002:a17:906:3ec1:b0:6e8:aae3:90de with SMTP id d1-20020a1709063ec100b006e8aae390demr21277700ejj.127.1650978583968; Tue, 26 Apr 2022 06:09:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650978583; cv=none; d=google.com; s=arc-20160816; b=AFnhPQldco1uRH/No1gOELHgxNuvo2Dmy2xApOIlAwzKhVsGQy9iGhnu0vH9uccOMi xGuE1APY/4YH3BMUoyYSF1NDAA4RhcqP825O/NS5VIbTDpp15QWqYqsUJFpDVMIOnQEF buXmSG4bzbGzcb9YBEfLPS5cTqOA6fYeMYsRDv4M1/3jHscb60yuw8S1TMJ3SluW4s5l btrCWg20o7jrdo8cNP6NUr0fbivjNqWN7t21B24e/JYwjL/tKnlAw/DcpLLnp8zuF0GJ bOx3l1y1Ls8sCYNuqO3My0jrkTKgXSf4A2rFsvjJcIiye1NSbJKVFTgfRPKR3213WilE FPLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=aAkJXYrlfstpqmrrJgH+30w2YtxrX55QY3VYrtfhrzI=; b=XojBtKmgm6Focj242f5hdbQ2lat60X5BO9BRl++aXh/2YwqcwvCRaI9DPn1hfR3FJv dcrjwcMdnca2jfiyJmj562V1DEnM69LHLvtWdX0DXGHHhoL3/unxJ1BldkyH9vqLxdLm bag7UFC9xeebqa2eOGGefOUyPJp7AqqLhJCsJ9/DocbMhSgwYr6Fr+wxx3cdbv2rRpHL P6H2LR0ICFqnaMoz8AsD9Uwo/lSyWXYfn8e7hsfStVU/R0J5dWceb6Gpy81S1g8KJAQ2 nrDfUsOvlh+9IA+Y4F2xoi4qoq/elYIJQRehdH4FqRkQADHNCexPwdMmxWmaCjGDqvps ygCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Nqnr0FJz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m7-20020a056402430700b00425f580ec52si3714144edc.15.2022.04.26.06.09.18; Tue, 26 Apr 2022 06:09:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Nqnr0FJz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236685AbiDYRAS (ORCPT + 99 others); Mon, 25 Apr 2022 13:00:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48790 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231725AbiDYRAS (ORCPT ); Mon, 25 Apr 2022 13:00:18 -0400 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9BC8638DB1 for ; Mon, 25 Apr 2022 09:57:13 -0700 (PDT) Received: by mail-ed1-x530.google.com with SMTP id k27so4011320edk.4 for ; Mon, 25 Apr 2022 09:57:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=aAkJXYrlfstpqmrrJgH+30w2YtxrX55QY3VYrtfhrzI=; b=Nqnr0FJzrtqJAbawcoUNHXs2DlCkhVqT7MoGYI5i7h8MPrttQfbLlTUpCBco1ELBXH InVZOoNwqXhvFl2xfV+aLZysUN23GpJft7FoRKJ4coxoWap/LaPNWx7BIm8S4E9miWkl HNc4jZ8Qr1ta7ym7e4OfGpYD8rtL294FvzoDuVDOR+QzXZYIktzcxmnnLZGKHH26AhbH 5SfegHoM+SlH2afIyHmphCK0QfWbqAi+hHuBDRu9l1A1WEPmkRnYwAtuyEiDLgRUJop2 10B2smFbAE5mDlQ4qYP7UTCthMdIo5d9NipBH1i/g8dEn5VZvi4RjqYElO7KAyOrKjLt pJAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=aAkJXYrlfstpqmrrJgH+30w2YtxrX55QY3VYrtfhrzI=; b=QalPIWO03/yFaclHMvFg8RVm0o1Ialtd5eRI8n/BH12FqkvKkPgIuW5pxMCyKZFjbq tLBWCEbBZOPoCFU5LbSEmWt3hcu9N7te8/IPMXvZxWz3B1VhWHx+Lrx6yanoXXG9pWjF pt7nK80gxyBcfb7CfbBDFATP8B2CuCGJdtt7QFIZQmeFV0IUz7/nmEux4C8cF6v2F0yL oSp5Rn/dc4Rt5A4pHyLsUFUYV8VIZ1tqq/okacxGwlrf1oolNtqNJGvGp/0uwbJDmQsz DHAOmQzkZTttGLPmf//LzDjxnZhHqyiXYysL0WS2+dsP6S4uqdeei/GR8oT8648HISuU oPiQ== X-Gm-Message-State: AOAM533yczb2avc6egxqc95omznAyOXYIeEmURBoex6Z3TlAmfzS3jzA OZtwz1PzwSK4eviue2guNGY++URdSECHcXMfV/5OQQ== X-Received: by 2002:a05:6402:2689:b0:422:15c4:e17e with SMTP id w9-20020a056402268900b0042215c4e17emr20400576edd.33.1650905832063; Mon, 25 Apr 2022 09:57:12 -0700 (PDT) MIME-Version: 1.0 References: <20220418175932.1809770-1-wonchung@google.com> <20220418175932.1809770-2-wonchung@google.com> In-Reply-To: <20220418175932.1809770-2-wonchung@google.com> From: Won Chung Date: Tue, 26 Apr 2022 01:56:55 +0900 Message-ID: Subject: Re: [PATCH 1/2] misc/mei: Add NULL check to component match callback functions To: Heikki Krogerus , Alexander Usyskin , Mika Westerberg , Benson Leung , Prashant Malani , Daniele Ceraolo Spurio , linux-kernel@vger.kernel.org, "Winkler, Tomas" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 19, 2022 at 2:59 AM Won Chung wrote: > > Currently, component_match callback functions used in mei refers to the > driver name, assuming that the component device being matched has a > driver bound. It can cause a NULL pointer dereference when a device > without a driver bound registers a component. This is due to the nature > of the component framework where all registered components are matched > in any component_match callback functions. So even if a component is > registered by a totally irrelevant device, that component is also > shared to these callbacks for i915 driver. > > To prevent totally irrelevant device being matched for i915 and causing > a NULL pointer dereference for checking driver name, add a NULL check on > dev->driver to check if there is a driver bound before checking the > driver name. > > In the future, the string compare on the driver name, "i915" may need to > be refactored too. > > Reviewed-by: Heikki Krogerus > Reviewed-by: Prashant Malani > Signed-off-by: Won Chung > --- > drivers/misc/mei/hdcp/mei_hdcp.c | 2 +- > drivers/misc/mei/pxp/mei_pxp.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/misc/mei/hdcp/mei_hdcp.c b/drivers/misc/mei/hdcp/mei_hdcp.c > index ec2a4fce8581..e889a8bd7ac8 100644 > --- a/drivers/misc/mei/hdcp/mei_hdcp.c > +++ b/drivers/misc/mei/hdcp/mei_hdcp.c > @@ -784,7 +784,7 @@ static int mei_hdcp_component_match(struct device *dev, int subcomponent, > { > struct device *base = data; > > - if (strcmp(dev->driver->name, "i915") || > + if (!dev->driver || strcmp(dev->driver->name, "i915") || > subcomponent != I915_COMPONENT_HDCP) > return 0; > > diff --git a/drivers/misc/mei/pxp/mei_pxp.c b/drivers/misc/mei/pxp/mei_pxp.c > index f7380d387bab..5c39457e3f53 100644 > --- a/drivers/misc/mei/pxp/mei_pxp.c > +++ b/drivers/misc/mei/pxp/mei_pxp.c > @@ -131,7 +131,7 @@ static int mei_pxp_component_match(struct device *dev, int subcomponent, > { > struct device *base = data; > > - if (strcmp(dev->driver->name, "i915") || > + if (!dev->driver || strcmp(dev->driver->name, "i915") || > subcomponent != I915_COMPONENT_PXP) > return 0; > > -- > 2.36.0.rc0.470.gd361397f0d-goog > Hi Tomas, I am adding you to this patch since you are the maintainer of MEI. If this looks okay to you, could you also take a look at the comment thread on the cover letter and give an ack if it is okay to be merged into thunderbolt tree? https://lore.kernel.org/all/20220418175932.1809770-1-wonchung@google.com/ Thank you, Won