Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp11608826ybl;
        Fri, 27 Dec 2019 17:49:11 -0800 (PST)
X-Google-Smtp-Source: APXvYqyf9Vg5LNPtJocfjM06EvkVRB2gyti2f65OpdwOKuGd9tNsFvaVckebRHY75A1UGwVCA1rx
X-Received: by 2002:a05:6830:1707:: with SMTP id 7mr36145021otk.235.1577497751031;
        Fri, 27 Dec 2019 17:49:11 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1577497751; cv=none;
        d=google.com; s=arc-20160816;
        b=oHEU3H4T7aC/Ni9Pl05kkONKeyk+PunF2OrhtOOvh+cIdfwyWQOLPqEz/INJ/ajF7c
         FPpbd6k44XE9Jh9/6i2oALnGrdTNKVu651NFi2C/El7SG+ptSscWPmN+p5RgIP0PPjVb
         tckjd1y9ABSHD+/fhATq4so9u9jyT2vabeTUAxHA57DlCifo+j+wfDgG+zEgvtmxWV6t
         s83vbdV7G7SoxSM4AJxOUrOtPsJf75SdXgTac2wSStmpxjm7WJAwkx5MX8avfJOJV5WU
         1zhAFTQ3HsA/bSJGZ3Bp5AhJYLK2oecT7YpUb/a7KNWjZa1WH7TWbmTfUTZGnNUB4b9x
         SWmA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=BUwswIF58DB1KtJ+ICQ6+QTX6MPDBcPHFeXQK9tbzOo=;
        b=I7/tVQzJjD28w8yWQAEQgNXvCMTdFldP3Vmdq1c6RIDZtH8ssSAnxeSUJEnWkQMPvl
         8q4DF+akGSiz6meifDsZI3nCbsPn7Em6Phy1asQtcAx+k/zt9ondbS1hh5oMF3cfR+4I
         oqKRFYGnstoVMposVgHni2CocYrffGCVI1XARmSm3uni0CkVn9JdXi+TqLSFyHyUkYot
         TWxKQ6Nto0mOgTp+ffNV5/LNyx8dbY8TFEenherJuEYZ4dE4IvVZT0M1dyzKrNtF4e3s
         DUm31TszX/C+f+MsdxldKPT+7bptRXRX9ztdj5bHue13GisVDNU0uk9xV/V09D4lfu9i
         GOww==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Qz9dvRXj;
       spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n85si17030627oig.191.2019.12.27.17.48.45;
        Fri, 27 Dec 2019 17:49:11 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Qz9dvRXj;
       spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726479AbfL1BsL (ORCPT <rfc822;intmail01@gmail.com> + 99 others);
        Fri, 27 Dec 2019 20:48:11 -0500
Received: from mail-ot1-f68.google.com ([209.85.210.68]:39949 "EHLO
        mail-ot1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726407AbfL1BsK (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Fri, 27 Dec 2019 20:48:10 -0500
Received: by mail-ot1-f68.google.com with SMTP id w21so30641727otj.7;
        Fri, 27 Dec 2019 17:48:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=BUwswIF58DB1KtJ+ICQ6+QTX6MPDBcPHFeXQK9tbzOo=;
        b=Qz9dvRXj5xcgAHNUogdzsS/jQFiXWvqDrC0UFX+jIRAuiUvIi02X585sT03KNfExmk
         ME8lkirSI3tdcOfDwt6g/v22cTkNnr3TgK7szL2haJoZBLWazRdPqJzpKr6KlEiUt8MC
         gXDJ+rL3pf9Y9VBdR33I5ziV/W1rmtlLBxHyXD/fVBT6pLyef2O2bFzGXAk8ZTuAReLa
         0NbxNNdHD1DKjy77hjk2Mc/sO9Hhq2flLFdz5wtfTyhL8fFAdQ78fcunm0AOpTa4wJPr
         sQUcm5Wc3YjdkVRbbU8mHPz2dK1S/UCd3rXfW6mnCOAkzOyhE+0mh0lJ7Qcaz6MpfeRp
         RDmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=BUwswIF58DB1KtJ+ICQ6+QTX6MPDBcPHFeXQK9tbzOo=;
        b=o/fUGSY4wrJWNLxPYEfV316vW3hOwlCbU5gAQKM9eIqQv1EC2eq2BIgrdWaArkbldc
         hB8k3k6ZggVWhw9vZaB0puv8I6yZl97SfIPLQ6+14KIR3AI1Vi824dsM2M0QnRShYrDg
         hMAMr90aScA8iiiJigvGKsfY153gHrjmrjABPSP5F3LlwEaoqkB3mOLBFKXKdgg6v3jw
         O6C4ZesP7V5gcFlqfBwckVEGeewf5p9oCkS6GEcEsSANc+F6dyedqpoTY6fRYBkfjzDq
         NuYtUPRET1e7FujYpeV0kJwkGPw/UA64slJpR9+CRHz+qwFHcbvLGkuki5VOcKtMMgSG
         qk+A==
X-Gm-Message-State: APjAAAVxOYTVd/+YHQRsq3do60FB1Q5HkBjLg3N9Gf+c/u72hOvWhAo6
        oLup1Q/+QYjfuHMy9oFfL2VlDfPFsgQ6U9ujs/LxtaaBFsl/bA==
X-Received: by 2002:a05:6830:159a:: with SMTP id i26mr60947634otr.3.1577497689532;
 Fri, 27 Dec 2019 17:48:09 -0800 (PST)
MIME-Version: 1.0
References: <20191227181435.7644-1-sashal@kernel.org> <20191227181435.7644-25-sashal@kernel.org>
In-Reply-To: <20191227181435.7644-25-sashal@kernel.org>
From:   Justin Capella <justincapella@gmail.com>
Date:   Fri, 27 Dec 2019 17:48:39 -0800
Message-ID: <CAMrEMU_QfP2fyh6HHf-QXAY=2GktQRaf1z0HPEX=TUcZQoY0Jw@mail.gmail.com>
Subject: Re: [PATCH AUTOSEL 4.9 25/38] rfkill: Fix incorrect check to avoid
 NULL pointer dereference
To:     Sasha Levin <sashal@kernel.org>, Aditya Pakki <pakki001@umn.edu>
Cc:     LKML <linux-kernel@vger.kernel.org>, stable@vger.kernel.org,
        Johannes Berg <johannes.berg@intel.com>,
        linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

Should the mutex be held during this check? Do you know if any of the
users need changing to IS_ERR_OR_NULL or should the dev member also be
checked?

I'm not sure if this is true of the BUG_ON macros but I have seen
implementations of similar macros that are used in the conditional
avoiding the need for a 2nd check.

On Fri, Dec 27, 2019 at 10:18 AM Sasha Levin <sashal@kernel.org> wrote:
>
> From: Aditya Pakki <pakki001@umn.edu>
>
> [ Upstream commit 6fc232db9e8cd50b9b83534de9cd91ace711b2d7 ]
>
> In rfkill_register, the struct rfkill pointer is first derefernced
> and then checked for NULL. This patch removes the BUG_ON and returns
> an error to the caller in case rfkill is NULL.
>
> Signed-off-by: Aditya Pakki <pakki001@umn.edu>
> Link: https://lore.kernel.org/r/20191215153409.21696-1-pakki001@umn.edu
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
>  net/rfkill/core.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/net/rfkill/core.c b/net/rfkill/core.c
> index 884027f62783..87c35844d7d9 100644
> --- a/net/rfkill/core.c
> +++ b/net/rfkill/core.c
> @@ -940,10 +940,13 @@ static void rfkill_sync_work(struct work_struct *work)
>  int __must_check rfkill_register(struct rfkill *rfkill)
>  {
>         static unsigned long rfkill_no;
> -       struct device *dev = &rfkill->dev;
> +       struct device *dev;
>         int error;
>
> -       BUG_ON(!rfkill);
> +       if (!rfkill)
> +               return -EINVAL;
> +
> +       dev = &rfkill->dev;
>
>         mutex_lock(&rfkill_global_mutex);
>
> --
> 2.20.1
>