Received: by 2002:a05:622a:1442:b0:3a5:28ea:c4b9 with SMTP id v2csp667922qtx; Thu, 17 Nov 2022 04:53:10 -0800 (PST) X-Google-Smtp-Source: AA0mqf7Vwh/NqaKAwHYHIQJgaDgGAcI7W7IF1QjQjwyt2vxWwVHFRGo7A5UbKTd0OLt8NoXmB5xW X-Received: by 2002:a17:906:369b:b0:78d:34a:f466 with SMTP id a27-20020a170906369b00b0078d034af466mr2045290ejc.162.1668689589945; Thu, 17 Nov 2022 04:53:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668689589; cv=none; d=google.com; s=arc-20160816; b=VUSbaHKkv0nL8MsU8GFkd/8rveTfzpuG2SZlER4uLANpy9gOtTrn38wKas0e/DRaGe iuvg3rAWXrxo75q9dhT+mMWEHV+zXCBti5rEve0/aRysio5es7tZ+vkbeSUFHQyXup6L LZG8M1WIuUHbLa20wD6gCBSF/gfAmRfruRVZxdGSNS3//sbIEqKPDvE8bgfAm0kt1REf fKznPIn+XQ9cLttVSAA85WHWDSvuYfTUk2zOIhBOhYrZQXRKYJVKxJmO51e2Ty+xX6mw 0zCE2wbLr6uudwpu7HuJFFGwkfdXcmtaEDDhHnb3mh0Qd+21RxsIrOlatSQ5n80PCt2r 4O/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=fzv3uEKI9R75mkvMhmrhyA597H5oOTjTfEKnekrNENs=; b=kcOpqSz6z5AHnwy6MLvr6mzYRAfvp4ROS5/R+0tIpvrI9Q1XcjkIuJdRD/pB11ppXF NcI05MNzUcjLezgImyp8qojyPcK6bBkL9EqsSIa9Z/qn9QUcir7WuWFdBf1+CEvysGXA 4oNAm/AS6jLEt9yfMSr7LU5CxKQ6L3GU0QCG5ji/GIL4VPWbdStns9JbmXrS+f3TIGZP kBbY+S8SeUloEIn5BigfwfWL4heEdqy1/FL12b0XMqsvmrpsdECPB5GwzQTnW+uKA0el 88wJK4J1rOcciSJNhIH4lqLyXPO+V7FTAM5OVeU5LgV6nxCILpa/o+fMrqznV/G5WMmm knrw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b6-20020aa7dc06000000b004594b742e0asi718971edu.323.2022.11.17.04.52.47; Thu, 17 Nov 2022 04:53:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234840AbiKQMby (ORCPT + 92 others); Thu, 17 Nov 2022 07:31:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56016 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239831AbiKQMbd (ORCPT ); Thu, 17 Nov 2022 07:31:33 -0500 Received: from mail.astralinux.ru (mail.astralinux.ru [217.74.38.119]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 092A17721A; Thu, 17 Nov 2022 04:30:21 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.astralinux.ru (Postfix) with ESMTP id 8FF3518640DD; Thu, 17 Nov 2022 15:30:18 +0300 (MSK) Received: from mail.astralinux.ru ([127.0.0.1]) by localhost (rbta-msk-vsrv-mail01.astralinux.ru [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 3Wyc6Ar0RLbD; Thu, 17 Nov 2022 15:30:18 +0300 (MSK) Received: from localhost (localhost [127.0.0.1]) by mail.astralinux.ru (Postfix) with ESMTP id 3589018640D7; Thu, 17 Nov 2022 15:30:18 +0300 (MSK) X-Virus-Scanned: amavisd-new at astralinux.ru Received: from mail.astralinux.ru ([127.0.0.1]) by localhost (rbta-msk-vsrv-mail01.astralinux.ru [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ynNIvwKRm9Iv; Thu, 17 Nov 2022 15:30:18 +0300 (MSK) Received: from rbta-msk-lt-106062.DL (unknown [37.1.14.128]) by mail.astralinux.ru (Postfix) with ESMTPSA id 832A71863D1F; Thu, 17 Nov 2022 15:30:17 +0300 (MSK) From: Anastasia Belova To: Ulf Hansson Cc: Anastasia Belova , Geert Uytterhoeven , Jiasheng Jiang , Wolfram Sang , Teppei Kamijou , Guennadi Liakhovetski , Shinya Kuribayashi , Chris Ball , linux-mmc@vger.kernel.org (open list:MULTIMEDIA CARD (MMC), SECURE DIGITAL (SD) AND...), linux-kernel@vger.kernel.org (open list), lvc-project@linuxtesting.org Subject: [PATCH] mmc: sh_mmcif: Add check for NULL for host->chan_yx and host->chan_rx in sh_mmcif_end_cmd Date: Thu, 17 Nov 2022 15:30:07 +0300 Message-Id: <20221117123007.13071-1-abelova@astralinux.ru> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Without these checks NULL-pointer may be dereferenced in sh_mmcif_end_cmd parameters inside if (data->flags & MMC_DATA_READ). Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: eae309836509 ("mmc: sh_mmcif: Terminate DMA transactions when dete= cting timeout or error") Signed-off-by: Anastasia Belova --- drivers/mmc/host/sh_mmcif.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/drivers/mmc/host/sh_mmcif.c b/drivers/mmc/host/sh_mmcif.c index 0fd4c9d644dd..f35694acafcc 100644 --- a/drivers/mmc/host/sh_mmcif.c +++ b/drivers/mmc/host/sh_mmcif.c @@ -1136,14 +1136,17 @@ static bool sh_mmcif_end_cmd(struct sh_mmcif_host= *host) time =3D wait_for_completion_interruptible_timeout(&host->dma_complete, host->timeout); =20 - if (data->flags & MMC_DATA_READ) - dma_unmap_sg(host->chan_rx->device->dev, - data->sg, data->sg_len, - DMA_FROM_DEVICE); - else - dma_unmap_sg(host->chan_tx->device->dev, - data->sg, data->sg_len, - DMA_TO_DEVICE); + if (data->flags & MMC_DATA_READ) { + if (host->chan_rx) + sh_mmcif_end_cmd(host->chan_rx->device->dev, + data->sg, data->sg_len, + DMA_FROM_DEVICE); + } else { + if (host->chan_tx) + dma_unmap_sg(host->chan_tx->device->dev, + data->sg, data->sg_len, + DMA_TO_DEVICE); + } =20 if (host->sd_error) { dev_err(host->mmc->parent, --=20 2.30.2