From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Lee, Chun-Yi", "Lee, Chun-Yi", "Rafael J . Wysocki", Sasha Levin, rafael@kernel.org, daniel.lezcano@linaro.org, srinivas.pandruvada@linux.intel.com, rui.zhang@intel.com, dave@stgolabs.net, sumeet.r.pawnikar@intel.com, chuansheng.liu@intel.com, keescook@chromium.org, dan.carpenter@oracle.com, linux-pm@vger.kernel.org
Subject: [PATCH AUTOSEL 5.19 22/33] thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
Date: Tue, 30 Aug 2022 13:18:13 -0400
Message-Id: <20220830171825.580603-22-sashal@kernel.org>
In-Reply-To: <20220830171825.580603-1-sashal@kernel.org>
References: <20220830171825.580603-1-sashal@kernel.org>

From: "Lee, Chun-Yi"

[ Upstream commit 7931e28098a4c1a2a6802510b0cbe57546d2049d ]

In some cases, the GDDV returns a package with a buffer which has zero
length. This causes kmemdup() to return ZERO_SIZE_PTR (0x10).

Then data_vault_read() gets a NULL pointer dereference problem when
accessing the 0x10 value in data_vault.

[   71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010

This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or
NULL value in data_vault.

Signed-off-by: "Lee, Chun-Yi"
Signed-off-by: Rafael J. Wysocki
Signed-off-by: Sasha Levin --- drivers/thermal/intel/int340x_thermal/int3400_thermal.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c index 80d4e0676083a..365489bf4b8c1 100644 --- a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c +++ b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c @@ -527,7 +527,7 @@ static void int3400_setup_gddv(struct int3400_thermal_priv *priv) priv->data_vault = kmemdup(obj->package.elements[0].buffer.pointer, obj->package.elements[0].buffer.length, GFP_KERNEL); - if (!priv->data_vault) + if (ZERO_OR_NULL_PTR(priv->data_vault)) goto out_free; bin_attr_data_vault.private = priv->data_vault; @@ -597,7 +597,7 @@ static int int3400_thermal_probe(struct platform_device *pdev) goto free_imok; } - if (priv->data_vault) { + if (!ZERO_OR_NULL_PTR(priv->data_vault)) { result = sysfs_create_group(&pdev->dev.kobj, &data_attribute_group); if (result) @@ -615,7 +615,8 @@ static int int3400_thermal_probe(struct platform_device *pdev) free_sysfs: cleanup_odvp(priv); if (priv->data_vault) { - sysfs_remove_group(&pdev->dev.kobj, &data_attribute_group); + if (!ZERO_OR_NULL_PTR(priv->data_vault)) + sysfs_remove_group(&pdev->dev.kobj, &data_attribute_group); kfree(priv->data_vault); } free_uuid: @@ -647,7 +648,7 @@ static int int3400_thermal_remove(struct platform_device *pdev) if (!priv->rel_misc_dev_res) acpi_thermal_rel_misc_device_remove(priv->adev->handle); - if (priv->data_vault) + if (!ZERO_OR_NULL_PTR(priv->data_vault)) sysfs_remove_group(&pdev->dev.kobj, &data_attribute_group); sysfs_remove_group(&pdev->dev.kobj, &uuid_attribute_group); sysfs_remove_group(&pdev->dev.kobj, &imok_attribute_group); -- 2.35.1
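
Review bot: In the int3400_setup_gddv() hunk (@@ -527), the zero-length case takes `goto out_free` with priv->data_vault still holding ZERO_SIZE_PTR, which the later hunks imply since every other use has to be converted to ZERO_OR_NULL_PTR(). Consider normalising it in this branch, for example `priv->data_vault = NULL;` before the goto, or rejecting `obj->package.elements[0].buffer.length == 0` before calling kmemdup(). That keeps the 0x10 sentinel inside this function, so a plain NULL check added elsewhere in the driver later cannot reintroduce the dereference described in the commit message.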
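
Review bot: In the free_sysfs hunk of int3400_thermal_probe() (@@ -615), the new `if (!ZERO_OR_NULL_PTR(priv->data_vault))` is nested inside the old `if (priv->data_vault)`, so the pointer is tested twice and the outer braces now only guard kfree(). kfree() already returns early for both NULL and ZERO_SIZE_PTR, so the outer test can be dropped: keep the ZERO_OR_NULL_PTR() guard on sysfs_remove_group() and call `kfree(priv->data_vault);` unconditionally. That also makes this error path read the same as the check in int3400_thermal_remove().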