Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp842241rdd; Wed, 10 Jan 2024 00:44:03 -0800 (PST) X-Google-Smtp-Source: AGHT+IGoyHwu2t+Q0jyhAvcsPBTGiOh4VfNNcNn2z6I52pOZCE59cJy3At20FmXSI0ovk44VRCWz X-Received: by 2002:a05:6808:238d:b0:3bd:4a0c:2c32 with SMTP id bp13-20020a056808238d00b003bd4a0c2c32mr461982oib.70.1704876243495; Wed, 10 Jan 2024 00:44:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704876243; cv=none; d=google.com; s=arc-20160816; b=eZRzeOtJ+UX8087aoipIdQlNOlQxPB0b7Ul8C7UxMnPVBQor1UeetUoLYDoDeu4LCW Xfw7zvASZDUePZ+doMdByKt1sT00JEtdIMzM/k1UskIXbAlJC8+A3RqibtsEGbPgnbxi Kv+zcZVDwdQNx7DHlRFF1u7OH403k0HSNdbEmUxnh8si8nbkUoEjLslmSyoI3ZJvaOQk vlro1wcKlOFapQRy+MziRMTv9bpeFbOAsqTPD4vW6Nct+V1a/HOGtZFIqoTSnG1Ue6IZ hnMuSimAL/7PbdIxrBjkilqyZpk83IGUczOry0mNBde6pNOLlLSYWI8pAhqFm7POdp9e jnjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=xBqz+NKkAhcga/7KbDtJF7MTdjSbEbQnaZUr3GeRp3U=; fh=9NguLLuaIHRBv3qfLuYPhJ9BoJLPHXCJbHqQpjAEW8E=; b=vqoIPfufqbxEuKJ1bPxdtWHc55FxEXuvZJisHOH3D1vNOPsjgRr0KsUt6atdgJ0cnO crD4MoWC6n7TN+55MASgEuaynV5u4Um0+ngJJypyz6NRQhMCgbtvUYjm8ODRXl+rGnvL uH3LQSiMZisxYeQYnIUXuYr9LQMnq5LXITz4fPi0+uJW0k5NU66u4GhmXHNH/rJj55zu leT1u305jZxJgGpDBZ4wmjjhApZd8Ww8mDMXzNmTf3+NNoUKt5JEp0Q5FYcpIrhx55z7 pCgHdaLmHvRs7H0k4hEYpQv+jp23sc0Z75TVL5/FoPOQ5QCfk+nomvwTQSLDyMQNqXMi tgmQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=CeRlS2K7; spf=pass (google.com: domain of linux-kernel+bounces-21858-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21858-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id w67-20020a636246000000b005cf0759db3bsi3154584pgb.376.2024.01.10.00.44.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Jan 2024 00:44:03 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-21858-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=CeRlS2K7; spf=pass (google.com: domain of linux-kernel+bounces-21858-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21858-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id EDEC6285B9B for ; Wed, 10 Jan 2024 08:44:02 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E5B603987D; Wed, 10 Jan 2024 08:43:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="CeRlS2K7" Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8BCB833CFD; Wed, 10 Jan 2024 08:43:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-ed1-f43.google.com with SMTP id 4fb4d7f45d1cf-5542a7f1f3cso4470780a12.2; Wed, 10 Jan 2024 00:43:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1704876230; x=1705481030; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=xBqz+NKkAhcga/7KbDtJF7MTdjSbEbQnaZUr3GeRp3U=; b=CeRlS2K73BZ0jiyfJrcSerCsePBTyIHLp0H4SIPv3t0uJxqKsGuZ9vvx8nq0oXovs6 HMK7XGcZKns/hTbuP7YxldMSggFbtirGJ5O/jApBW2XjVMDtJvbilGsgPsscdyHf224O WLYTlQmq8cHFppBRoH+Y0WDB+6bE96qtS3Q29bt+51CFlAfQCov2RC+jdsRrr2Y3L+4O ep2+C1/2P58Gd5kvZjtvU0irueC2FGJesEYjwRWnm4JCSMH8zx26q5XZxKy/cvne+AO2 KvtsxlpliQsHB+MzXDT92hRYzgxmb/3/K8EdeGYOHuJRQoIJHPpYWzSEvT8bR4oPCbu1 kktQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704876230; x=1705481030; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xBqz+NKkAhcga/7KbDtJF7MTdjSbEbQnaZUr3GeRp3U=; b=X1AT9lvB6QH5BaZ/KSQIyoJdFunQfGm8W58tPHUrs/CU8AbBo4r/elET1MfDXCbms3 UZl4j7V1b3dERAW9atQfZRNrl78Yp2KwltFX9Q0/swxoWwEKq4uSzr5tlvEuIFZL8OSe rPk2jVmZmsIfOr4jXMhkd6755jCt7O7zC6L2kiI5EZVEHEtvUtf62dRjkB7rpX+XjuOD c6GL+kazhGYEpLJR8TyY96DI8sYb6r2QUgogXSHqAsTMiHkVlJie/ZJ597xcP9NW3mY7 6JhWeBLeQvWT/XlXh8ANr8WwRZx52mjugzCtiBYHyvPZ5gBzfFT8QBD/FF0gBxqM+kcD FPpw== X-Gm-Message-State: AOJu0YymHhJQtpWp+1cmmnVyamF8WV4MYd1seyxxdkcliQtGMujzLIPD C9xEVvqoxdF+dpBF1FxN67+axy3T7R+h56X+eQxLUydIL08= X-Received: by 2002:a17:906:3e08:b0:a2a:2498:93c5 with SMTP id k8-20020a1709063e0800b00a2a249893c5mr424762eji.73.1704876229573; Wed, 10 Jan 2024 00:43:49 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240109145121.8850-1-rand.sec96@gmail.com> In-Reply-To: <20240109145121.8850-1-rand.sec96@gmail.com> From: Tali Perry Date: Wed, 10 Jan 2024 10:43:38 +0200 Message-ID: Subject: Re: [PATCH] i2c: Fix NULL pointer dereference in npcm_i2c_reg_slave To: Rand Deeb Cc: Avi Fishman , Tomer Maimon , Patrick Venture , Nancy Yuen , Benjamin Fair , openbmc@lists.ozlabs.org, linux-i2c@vger.kernel.org, linux-kernel@vger.kernel.org, deeb.rand@confident.ru, lvc-project@linuxtesting.org, voskresenski.stanislav@confident.ru Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Jan 9, 2024 at 4:52=E2=80=AFPM Rand Deeb wro= te: > > In the npcm_i2c_reg_slave function, a potential NULL pointer dereference > issue occurs when 'client' is NULL. This patch adds a proper NULL check f= or > 'client' at the beginning of the function to prevent undefined behavior. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Rand Deeb > --- > drivers/i2c/busses/i2c-npcm7xx.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/drivers/i2c/busses/i2c-npcm7xx.c b/drivers/i2c/busses/i2c-np= cm7xx.c > index c1b679737240..cfabfb50211d 100644 > --- a/drivers/i2c/busses/i2c-npcm7xx.c > +++ b/drivers/i2c/busses/i2c-npcm7xx.c > @@ -1243,13 +1243,14 @@ static irqreturn_t npcm_i2c_int_slave_handler(str= uct npcm_i2c *bus) > static int npcm_i2c_reg_slave(struct i2c_client *client) > { > unsigned long lock_flags; > - struct npcm_i2c *bus =3D i2c_get_adapdata(client->adapter); > - > - bus->slave =3D client; > + struct npcm_i2c *bus; > > - if (!bus->slave) > + if (!client) > return -EINVAL; > > + bus =3D i2c_get_adapdata(client->adapter); > + bus->slave =3D client; > + > if (client->flags & I2C_CLIENT_TEN) > return -EAFNOSUPPORT; > > -- > 2.34.1 > Thanks for the patch! Reviewed-by:tali.perry1@gmail.com