To: Thomas Gleixner
From: Sergey Shtylyov
Subject: [PATCH] irq: ipi: fix NULL pointer deref in irq_data_get_affinity_mask()
Organization: Open Mobile Platform
Date: Wed, 17 Aug 2022 23:00:45 +0300
X-Mailing-List: linux-kernel@vger.kernel.org

Iff ipi_send_{mask|single}() get called with e.g. an invalid IRQ #, all the local variables there will be NULL -- the problem is that ipi_send_verify() (that's called first thing) doesn't verify its 'data' parameter, resulting in a kernel oops in irq_data_get_affinity_mask() as the passed NULL pointer gets dereferenced. Add a missing NULL check in ipi_send_verify()...

Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

Fixes: 3b8e29a82dd1 ("genirq: Implement ipi_send_mask/single()")
Signed-off-by: Sergey Shtylyov

--- The patch is against the 'tip.git' repo's 'master' branch... kernel/irq/ipi.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) Index: tip/kernel/irq/ipi.c =================================================================== --- tip.orig/kernel/irq/ipi.c +++ tip/kernel/irq/ipi.c @@ -188,9 +188,9 @@ EXPORT_SYMBOL_GPL(ipi_get_hwirq); static int ipi_send_verify(struct irq_chip *chip, struct irq_data *data, const struct cpumask *dest, unsigned int cpu) { - const struct cpumask *ipimask = irq_data_get_affinity_mask(data); + const struct cpumask *ipimask; - if (!chip || !data) return -EINVAL; if (!chip->ipi_send_single && !chip->ipi_send_mask) @@ -199,6 +199,10 @@ static int ipi_send_verify(struct irq_ch if (cpu >= nr_cpu_ids) return -EINVAL; + ipimask = irq_data_get_affinity_mask(data); + if (!ipimask) + return -EINVAL; + if (dest) { if (!cpumask_subset(dest, ipimask)) return -EINVAL;
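Review bot: the new 'if (!chip || !data)' test in the first hunk (@@ -188,9 +188,9 @@) has no comment saying that 'data' must be validated before irq_data_get_affinity_mask() may be called. The old code did that lookup in the initializer of 'ipimask', which is exactly the pattern that dereferenced the NULL pointer, so a one-line comment above the test (or next to the now uninitialized 'const struct cpumask *ipimask;' declaration) would keep a later cleanup from folding the call back into the declaration.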
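Review bot: in the second hunk (@@ -199,6 +199,10 @@) the 'ipimask = irq_data_get_affinity_mask(data);' assignment and its '!ipimask' test are placed after the 'cpu >= nr_cpu_ids' check, separated from the '!data' test that makes the call safe. Every one of these checks returns -EINVAL, so the order does not change the result; moving the assignment and its test directly under 'if (!chip || !data)' would keep everything that depends on 'data' in one place and keep the 'ipimask' validation where the original code had it, ahead of the callback and CPU-range checks.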