Received: by 2002:a05:7208:3003:b0:81:def:69cd with SMTP id f3csp4220906rba; Tue, 2 Apr 2024 10:31:53 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW4TbLSJTqFHqs39fIyOVWc1d+IMqGtajXEnVU/b+FR+NY4HzHQ2W03xByRyafkcELPgXaMoTv4xf4IKzXcoxUcRTtqa3zkwtDOcANTPQ== X-Google-Smtp-Source: AGHT+IFQw0kcFoE/R6W64VsF/8IT5kv6zDNuhBEUl+U2PjulEVCTY8cqYT2O1ki40aqcbz7qWMpa X-Received: by 2002:a05:6808:3205:b0:3c3:85e4:49b3 with SMTP id cb5-20020a056808320500b003c385e449b3mr16389976oib.23.1712079112866; Tue, 02 Apr 2024 10:31:52 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712079112; cv=pass; d=google.com; s=arc-20160816; b=CZCaZnlPR8XluvRNBizJCCUZN1qwMk6CuCeVTJWAg4iomQOzFIx2KGBvBNpXvTIXrR V8OjhGWVMaRvfki02UIdFc7/HvxA7DO3LdNVj9ps0FRMiYYrGmC6aAS4QPPEg7jCBECk 9baVAbZgO7vUmvAr8sGl2CwbZFIWm7YycFTP90jGGx9xb/NbfVozwRLFWNZ+SUtUdr4j tWsmv5HDBjxbACEfTKKukQmhh72QGZDpCu16IjRuqGBvitHIOdvSldRkFT7EvLs/XKdM gmWNC5cb6dsa51dqrOjw7F8EmtJxj69Wnl3Iyxa2EKzvehEEd0NyYxL4ZeRBBRUfxPnA 5fvA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:subject:cc:to:from :date:dkim-signature; bh=0ZbG0qXGWWY/vFzGzamR/2XxFYlgMGRBeCcA5gEnP7g=; fh=RedPnyVxIN7nNcNh+Q6Bd4a+tt6lmU3nh08FFrK2WXU=; b=hw5IgVnQ5OUKDEOkVtUMb3hCYMWFg3LdY5/84ARzbcyXFCO13wjMrKVwLeLMYM6hfs B1e904tqslfJk8oN63k9e+vgev2n5Ed3cE5YK30BA8ZFV9BksBaILQGgOH/Y3p6y5tEs 8JJQhmEHx2C2ZtH6lDAtnIE8OFB4gSFIOaLyzTo+rdtm5f9aKkHs9T5v1wauOUzywExL 4rLtBhl8XFfFHymqJM8wtntRr7YCRYq/HsmSpVYz4ELJ4LUdFheDCI7MvScWzHDOm3iq WHjgcm3p03DTZoSyaOcFQN7x8Z+iAkSu4FDDFwQv/ghwqCNg4w3D+1XfOi4Yn6nDmGMM apIg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CJ9HYqDy; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-128426-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-128426-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id c14-20020ab030ce000000b007e061656893si1477235uam.161.2024.04.02.10.31.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Apr 2024 10:31:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-128426-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CJ9HYqDy; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-128426-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-128426-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 610661C2450E for ; Tue, 2 Apr 2024 17:31:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3B76615A4A6; Tue, 2 Apr 2024 17:31:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="CJ9HYqDy" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54050133283; Tue, 2 Apr 2024 17:31:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712079083; cv=none; b=gFCwe3DhVe6tqKGOpHftquEU44FxUT87I0OKyj2juTWimEww8WIw1F2wIqlqes1r9foZX7euoMp2JeKaZ1Lpy79/qf5tWNCkYqskAZgFeEF9kD38ZDvPUmKiCSeg0C9uvcg+Kbx951iAS+AgLbzPI+tBRyKJbrOcPGlJ/jN4U4Y= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712079083; c=relaxed/simple; bh=lrf2H0YQAGtvMv18gh40GOdVnYqcnYKmW5VFDLEhDT4=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition:In-Reply-To; b=GrYwr/q1ddzDPlTx/qWljcUOLizwYkX/FK7m0rVy0/dg/iQfRe7NLeFdy+urPzyNI9DPJ467NGUmodnbngUMlVJprA1OX9Xzx3O7LUEQOwLJn/2saYT9EpSin16cAji0H1UJ8mRCDGs6OR1JDzJidGD0j4h1SmH4cbvw9eeU96Q= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=CJ9HYqDy; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id A49F9C433F1; Tue, 2 Apr 2024 17:31:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712079082; bh=lrf2H0YQAGtvMv18gh40GOdVnYqcnYKmW5VFDLEhDT4=; h=Date:From:To:Cc:Subject:In-Reply-To:From; b=CJ9HYqDy4b4jUl4HOUQpoeh9rNv2qhvhMunZ0p3zd70XBx2e4NIrrLi7avEG55rQP qbTizpQGpmibLUJh9G8IjuNwM/oO2B9E5J/7b2Zx3rHcTWpr1+TiwT3yF6Nrifmdvq WVQA2RreXD4jYpaPBU/9XUT9tqKIAGPRRkyEdgHytU/v5PLy1V4RbY67bbchvmJSvK krohOg8WwmIs7tIj1r3S5yApyfTRB7EhpAiDh2j13eAWctrSCMOUbKXjT+Mb+qxzSX XPhNLm1qJJnajdBuNM9UYfVtOuSuFsP93FcARb9OqW2ydUR1K/QWNEpCZd4EHEBdz8 DK5b3G0QkC4gA== Date: Tue, 2 Apr 2024 12:31:21 -0500 From: Bjorn Helgaas To: Aleksandr Mishin Cc: Rob Herring , Lorenzo Pieralisi , Krzysztof =?utf-8?Q?Wilczy=C5=84ski?= , Bjorn Helgaas , Manivannan Sadhasivam , Uwe =?utf-8?Q?Kleine-K=C3=B6nig?= , Serge Semin , Niklas Cassel , Yoshihiro Shimoda , Damien Le Moal , Siddharth Vadapalli , linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org Subject: Re: [PATCH] PCI: dwc: keystone: Fix potential NULL dereference Message-ID: <20240402173121.GA1819268@bhelgaas> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240329051947.28900-1-amishin@t-argos.ru> On Fri, Mar 29, 2024 at 08:19:47AM +0300, Aleksandr Mishin wrote: > In ks_pcie_setup_rc_app_regs() resource_list_first_type() may return > NULL which is later dereferenced. Fix this bug by adding NULL check. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 0f71c60ffd26 ("PCI: dwc: Remove storing of PCI resources") > Signed-off-by: Aleksandr Mishin > --- > drivers/pci/controller/dwc/pci-keystone.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/drivers/pci/controller/dwc/pci-keystone.c b/drivers/pci/controller/dwc/pci-keystone.c > index 844de4418724..00d616654171 100644 > --- a/drivers/pci/controller/dwc/pci-keystone.c > +++ b/drivers/pci/controller/dwc/pci-keystone.c > @@ -392,7 +392,11 @@ static void ks_pcie_setup_rc_app_regs(struct keystone_pcie *ks_pcie) > struct resource *mem; > int i; > > - mem = resource_list_first_type(&pp->bridge->windows, IORESOURCE_MEM)->res; > + struct resource_entry *ft = resource_list_first_type(&pp->bridge->windows, IORESOURCE_MEM); > + if (!ft) > + return; Like the other one (https://lore.kernel.org/all/20240328180126.23574-1-amishin@t-argos.ru/), I think this potentially avoids a NULL pointer dereference (though I didn't do the analysis in this case to see whether that's actually possible), but fails to consider the implication of simply skipping the rest of ks_pcie_setup_rc_app_regs(). "start" and "end" are used only for the loop about "Using Direct 1:1 mapping of RC <-> PCI memory space". If there's no IORESOURCE_MEM resource, obviously that loop makes no sense. The function would probably be improved by moving the resource_list_first_type() so it's next to the loop that uses the result. But the rest of the function doesn't depend on that IORESOURCE_MEM resource, and it's not at all clear that the rest of the function should be skipped. > + mem = ft->res; > start = mem->start; > end = mem->end; > > -- > 2.30.2 >