Received: by 2002:ab2:3141:0:b0:1ed:23cc:44d1 with SMTP id i1csp930723lqg;
        Sat, 2 Mar 2024 07:32:00 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCXIfvMqSL7P1qgZFYmHeChkO5x5WjnYdin7lEMQa457gkzQZRZ+JjcXLnXdOKFeaNRrik+PiUDbqLSB6AINe7Bhwj5viHYlpt/UrpnGsQ==
X-Google-Smtp-Source: AGHT+IGpDAdl2WC9+wVrqaeaUF0UbD2IidL0ZONPRQiAW/+15uGQSbzeWHkCRSx59c6ESFMhH9f0
X-Received: by 2002:a05:6a21:3947:b0:1a1:44c9:2d8d with SMTP id ac7-20020a056a21394700b001a144c92d8dmr2424075pzc.37.1709393519834;
        Sat, 02 Mar 2024 07:31:59 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1709393519; cv=pass;
        d=google.com; s=arc-20160816;
        b=vhutldmSstoAcvbEmJfN+uQqH1zDA29nK228gtsBNsWGUHmJwxZ/iER8AlHXk3BdMA
         dRBpYwgXCp9ESBU6Ss3dUHaJ9RR7x/SGr+qIwC0/LTaZ3Q86ggI1KFUcuPRItPDrdb7g
         Xo5dseS3QRbJPZ5sBjX2/LuhKZjYcK7L08ypWEFTTCCurWAPz1OrG6fGjYtGul6d/RmU
         avY0Tb+n6fKYxV9B1/W4VUGca1DKLq4PL00mz+YOHig+DWhmJchd2G0eJCR+f19ZHzn1
         W/eDhJ1xLlqvkf4meSgyYzJteE42FC2f9zsZ736OU1w695hQTqNYfLoD4pJ2gey/Vol2
         Pc2g==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:date:message-id:dkim-signature;
        bh=pcwS+vAT2fwsjgoSR/yvl2URHCxzURia5C1neOopGqY=;
        fh=cP8zNB0C6Fi/mnqWXguTCbdx8/D/3L7hXCagnE3czCs=;
        b=R9/oQ4HcjS4nW+weag3rxnKt+GS4ouJ0wQ9G/KuLCjBwB8zzR4iZtZGJ0udJt9ejEj
         rzEr613ihEzGO9yrdtH5vaU4kzYiZPAzcJZ7OdEztYcnEIH6QEc9kAFWG0S74GYyI1PV
         Ulhiwc5vO0HhK7rslNYZT8k1ihHy/g3gqp4H9EFu1Fymp5Bzh6TLEQUOA8ZE/zGY+dBZ
         s4pW6AfJYEpspSa8aonPHBcGP/x+jQZTgZ3KES3ZsUklseccSfZIsJVO0YP8nx30aaRC
         seyyXd9rk/8Mpd8vCrpLSeQI8sW7ZupKsaktLiwnHGQZGPEAsW9CQDnFz2omARcpnnS9
         S2Wg==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@ieee.org header.s=google header.b=ATzL9mNS;
       arc=pass (i=1 spf=pass spfdomain=ieee.org dkim=pass dkdomain=ieee.org dmarc=pass fromdomain=ieee.org);
       spf=pass (google.com: domain of linux-kernel+bounces-89477-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-89477-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ieee.org
Return-Path: <linux-kernel+bounces-89477-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id h31-20020a63121f000000b005e1c589e380si5718258pgl.83.2024.03.02.07.31.59
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 02 Mar 2024 07:31:59 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-89477-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@ieee.org header.s=google header.b=ATzL9mNS;
       arc=pass (i=1 spf=pass spfdomain=ieee.org dkim=pass dkdomain=ieee.org dmarc=pass fromdomain=ieee.org);
       spf=pass (google.com: domain of linux-kernel+bounces-89477-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-89477-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ieee.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id B010FB22810
	for <linux.lists.archive@gmail.com>; Sat,  2 Mar 2024 15:31:51 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 137541864A;
	Sat,  2 Mar 2024 15:31:45 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=ieee.org header.i=@ieee.org header.b="ATzL9mNS"
Received: from mail-io1-f45.google.com (mail-io1-f45.google.com [209.85.166.45])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA364182C5
	for <linux-kernel@vger.kernel.org>; Sat,  2 Mar 2024 15:31:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.45
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1709393504; cv=none; b=eHRQ64QWi4A0sfVDy66pDtz+W+DjC2EYt2NiIZ8HrsHfoK5rGOgtE7nk36Fj22Dx6Hr8DBWz05Sa2gtdCh53lq/vcZRXiLX4gOkDTIxjFtsvakAGFKtK4ahs1pfmDu/Ke0Lk4M6d1r0zLvrYSPBGSLYOWk6KxORmvdYmlJOiGfI=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1709393504; c=relaxed/simple;
	bh=+v4yvN0kxUI9tPDM9nvpiiOzpOQi8oxzkIuHiqx0jYs=;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:
	 In-Reply-To:Content-Type; b=BrmBjM9dTIRjyhqHzGQ2jKVv9/mxfHEq8NSzGAZ3uSbC5wxhV6gQ01pqkx5cfpuNGrp3GgweEKFL2U0uHg/PzMUcWh1XVMN1BGD8CU+nS82pIYP0zw6oXKI9uLJyCHW9eDr9Xqz1RcMpyIG2OqSj9AkRmKelkhdSjKN3X9RqS9g=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ieee.org; spf=pass smtp.mailfrom=ieee.org; dkim=pass (1024-bit key) header.d=ieee.org header.i=@ieee.org header.b=ATzL9mNS; arc=none smtp.client-ip=209.85.166.45
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ieee.org
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=ieee.org
Received: by mail-io1-f45.google.com with SMTP id ca18e2360f4ac-7c8395e24fbso20952839f.3
        for <linux-kernel@vger.kernel.org>; Sat, 02 Mar 2024 07:31:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ieee.org; s=google; t=1709393500; x=1709998300; darn=vger.kernel.org;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=pcwS+vAT2fwsjgoSR/yvl2URHCxzURia5C1neOopGqY=;
        b=ATzL9mNSR5xwP4h409FTm4sMxEbW4NcIIHWT7osyWzs4tZo41TvmDjn3QcdIPWqffF
         VpZ9Ufh5FxYc9bNOFbsVGloPf886Rk4vcLwJ4BwPE4LQO8PLiLWcdMVt2RagzYC568lm
         waMfv+Mf3wboZsDrppeAxEl99lbi0TBFJk1B8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1709393500; x=1709998300;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=pcwS+vAT2fwsjgoSR/yvl2URHCxzURia5C1neOopGqY=;
        b=gd21tFuxdS4vuEb+RFBRuGIvYZNoI5Rb5MajuQua+b9Sz8ofIryIK/35o1zRQIUCFU
         U0u0tuK52NieAqsjyju9ktXdQcr8Y5rAPDbNxQ6LKJNjcHK9W59gorwS1dfzeBhrX/vh
         0kbita4JD0qWpG6JvtnIHDBQ7zLiU3LIXHfC2KgO7HVV2kc7nJ2AZ4vg//w8o4Amp48X
         98yN4fX9niQR8XYSgPpWDy9onIJXgaWtYmNTrZcj5ZoJCQMNeq0vErDpMGTLUbykAcjG
         hYHOi9CIeFIz/Wg1zv+Md+4no22V0OB85BxhfYtb7am9vt+qAjQKVVFQOh+cdJLjpg1O
         SGCg==
X-Forwarded-Encrypted: i=1; AJvYcCWC1sUS/7jiCjObFVg+QQAuqfXJYGrT5MQi39K7hwNUamyRLHUgQrXU0pzxOBzqsqL3Jmbm7j0daSYVT/bPiL9EIaEzcSypUrGV261r
X-Gm-Message-State: AOJu0Yy5HivJhX5VX4Xa9e7qSI+s48iRhmkNuleq86/TCbJKtkaLjfUe
	Sg/AuCY0MbMOn5/e1TyG/6/4JbtPNogwLdx2u7+/Zg/HRJRgR0fHHmEh+lcnrQ==
X-Received: by 2002:a5e:a810:0:b0:7c7:f6ac:cb4 with SMTP id c16-20020a5ea810000000b007c7f6ac0cb4mr4979742ioa.3.1709393499975;
        Sat, 02 Mar 2024 07:31:39 -0800 (PST)
Received: from [10.211.55.3] (c-73-228-159-35.hsd1.mn.comcast.net. [73.228.159.35])
        by smtp.googlemail.com with ESMTPSA id s7-20020a056602168700b007c7ab36d3ffsm1438960iow.43.2024.03.02.07.31.39
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Sat, 02 Mar 2024 07:31:39 -0800 (PST)
Message-ID: <07df4b96-70c2-41de-9d76-1deb80447a79@ieee.org>
Date: Sat, 2 Mar 2024 09:31:38 -0600
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [greybus-dev] [PATCH] greybus: Fix deref of NULL in
 __gb_lights_flash_brightness_set
Content-Language: en-US
To: Mikhail Lobanov <m.lobanov@rosalinux.ru>,
 Rui Miguel Silva <rmfrfs@gmail.com>
Cc: greybus-dev@lists.linaro.org, linux-staging@lists.linux.dev,
 linux-kernel@vger.kernel.org
References: <20240301190425.120605-1-m.lobanov@rosalinux.ru>
From: Alex Elder <elder@ieee.org>
In-Reply-To: <20240301190425.120605-1-m.lobanov@rosalinux.ru>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 3/1/24 1:04 PM, Mikhail Lobanov wrote:
> Dereference of null pointer in the __gb_lights_flash_brightness_set function.
> Assigning the channel the result of executing the get_channel_from_mode function
> without checking for NULL may result in an error.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.

I think this is an actual problem but this might not be the
right fix.

The point of the call to get_channel_from_mode() is to get
the attached torch channel if the passed-in channel is a
flash channel.  It's *possible* that any flash channel will
*always* have an attached torch channel, but if so there
ought to be a comment to that effect near this call (to
explain why there's no need for the null pointer check).

I think Dan's suggestion should be implemented as well.
It's possible the intention really *was* to have
get_channel_from_mode() return the original channel pointer
if there is no attached channel with the requested mode.
But if so, that should be done differently.  I.e., Dan's
suggestion should be taken, and the callers should use the
passed-in channel if the call to get_channel_from_mode()
returns NULL.  (I hope that's clear.)

So anyway, I think this (and Dan's suggestion) should be
addressed, but your fix might not be correct.

Rui, can you please shed some light on the situation?

					-Alex

> 
> Fixes: 2870b52bae4c ("greybus: lights: add lights implementation")
> Signed-off-by: Mikhail Lobanov <m.lobanov@rosalinux.ru>
> ---
>   drivers/staging/greybus/light.c | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/staging/greybus/light.c b/drivers/staging/greybus/light.c
> index 87d36948c610..929514350947 100644
> --- a/drivers/staging/greybus/light.c
> +++ b/drivers/staging/greybus/light.c
> @@ -148,10 +148,15 @@ static int __gb_lights_flash_brightness_set(struct gb_channel *channel)
>   						GB_CHANNEL_MODE_TORCH);
>   
>   	/* For not flash we need to convert brightness to intensity */
> -	intensity = channel->intensity_uA.min +
> +
> +	if (channel) {
> +		intensity = channel->intensity_uA.min +
>   			(channel->intensity_uA.step * channel->led->brightness);
>   
> -	return __gb_lights_flash_intensity_set(channel, intensity);
> +		return __gb_lights_flash_intensity_set(channel, intensity);
> +	}
> +
> +	return 0;
>   }
>   #else
>   static struct gb_channel *get_channel_from_cdev(struct led_classdev *cdev)