Received: by 2002:a89:2c3:0:b0:1ed:23cc:44d1 with SMTP id d3csp1031887lqs;
        Wed, 6 Mar 2024 04:32:45 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCVx9f8t1Smb7XtEx2CTmxwKL6u+Fx/jzl8quxV7weyW/LapRlT8GLcLzejCM+ZjddeilaR8Ht1jWn6QqWILHQkDb6tVvR0qfNdxrLTspQ==
X-Google-Smtp-Source: AGHT+IHTS3zifz0q00BxOaCvQ8DsI2Z7ePPLbraOMEdw3AQ+KQZq11pm7pLyWGMoAlgugzq5swHw
X-Received: by 2002:a05:6214:494c:b0:690:46a8:93f with SMTP id pe12-20020a056214494c00b0069046a8093fmr5002246qvb.44.1709728365155;
        Wed, 06 Mar 2024 04:32:45 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1709728365; cv=pass;
        d=google.com; s=arc-20160816;
        b=hV6Zu6bFG4EiXky+G7HW6gRUyP7NWSwsvTEx3iOyigdInNZWE4U4Rvsc4N1khQA/4/
         /yy2WH1hy0lQdFAFSlUrNHdFElEuRX7RaBn7bj/0+gy16YLCQqpWM/c7xKgm7d22mR9y
         zrdVdkOgrVGZYnRlpgih8YKWWo6VQTZxgrCyS+ZiKqHxXfAigH86K9blaG7rljB5LhKj
         elcLqVIuKG7IninoIHK87uJPSpduATRrGdr2Dbl6kyQr+71hqCpCEU50naQsWiUqdvof
         xJYGhGuLqVJbYZsTpX4cOLyNP9TVk2gUN1WqaFa1ODxA6zDNXCZ1cyKzfWBuw2YofJCs
         VojQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=BGNo45CWdeWI1ssvFsIg1kI6YA8MzwdKzzHMhRiBLfo=;
        fh=9Ep+0qqPcN7Aj+JS0LggQDRfcXJ2wnDProgGdas2LXQ=;
        b=J+fYbOJhEzUnbeyDIzSe2QG3nr0r/EIHlOPsmHggQmuyzIAN+Fm50wtdAwiSkodY2n
         ww4ALjx9OiCh8zQv07VXqYPr7ZHUWhnWAh8Ji7ftJc2jAvn9tNS0oDLkwH1pU8bfmuva
         Y8b49fij/GSto33f8eb6DnEb72RD4jCFlpLbpUMu1LciIJpo++BofiU2OzXhXkAsoJQG
         rAgEUg0nh39a4QpNhM2gF+Jln+qbemUqOk7l81mGoTc5MH76DnN/Kolv50Zulhe2Kq8q
         zF8VkRftWfoLAc8WgFfE7D+BJ2OyPhJpp02KtQTNYzEshgtZ4mVA05DnCuYtZ1QCSX5E
         Wgcw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=flums+Ot;
       arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com);
       spf=pass (google.com: domain of linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id or32-20020a05621446a000b0068fd04b90b0si14199643qvb.103.2024.03.06.04.32.44
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 06 Mar 2024 04:32:45 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=flums+Ot;
       arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com);
       spf=pass (google.com: domain of linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id E26E71C238BB
	for <linux.lists.archive@gmail.com>; Wed,  6 Mar 2024 12:32:14 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 00DEA84A5A;
	Wed,  6 Mar 2024 12:31:09 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="flums+Ot"
X-Original-To: linux-wireless@vger.kernel.org
Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B7CC84A2A;
	Wed,  6 Mar 2024 12:31:07 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.41
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1709728268; cv=none; b=VgvEuHFY3d6QwJSRHJ14X2yRGWWMjQRJW32CYI90rvh6cy8qmjkxqGbHEBXy3gFS75Mr1Et1JfgdZa1V/uXq1ly1b7PF/ysWTbF62+hkk+npMppZ6De99YLKLZHqFdgs8QFaQa+cdqu/0c/1IUk7XTP2drnb5sk/HeaIkojb/DA=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1709728268; c=relaxed/simple;
	bh=uKV+klLUjkMD5Ca8wpkNsN1iWWbCl3KEGL9BFSa3GBA=;
	h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=dcauqCOipTHW9rH5DJwPKsNqJamah6cEY6W0T/6QPUui4UMUhcPIiiZQfVnffueKXzjuEJWi9jYW/FvbCKxdzGJ8uJs6NhM5xcnhhqJFttMCSnekrY9uqo/ydcTWQ9E47/xAEvPkcYjFmb0qxIYgUWEuvEgHigQ0A9AwrdXLSBw=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=flums+Ot; arc=none smtp.client-ip=209.85.167.41
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-5135540c40dso2077450e87.3;
        Wed, 06 Mar 2024 04:31:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1709728265; x=1710333065; darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=BGNo45CWdeWI1ssvFsIg1kI6YA8MzwdKzzHMhRiBLfo=;
        b=flums+OtCdmFpp6EjeMQ5Ua6uWwyRDH6pAZApsZP38VhPxN2wlDzYsByCKPtsa0vxF
         +Hcj/5XJus8ZKGbuDIrf22r/2qGzSkksSoP7QCujTGzd7kctVoXNBGmG4j3efyw+l7xW
         JdP4Bb7LYBth9/yewmCicfFnWs33K+HKxqYyGkdw09DOaZ6ZKZAMF5EC8l8QedBTsU5y
         B0eb+VQEnoJQPPNS8DYPZX2p7PAVYy5G+23bt0FMDVs1VUFRvb5y7uym0/vT/9nrKy4E
         OFmmPbE68T7p7n5rzrzUc9LGJHmF3h1Wpp6dx1WKMs+mkwR+cnGdePJ7R6f4K9zeTt7h
         1U9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1709728265; x=1710333065;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=BGNo45CWdeWI1ssvFsIg1kI6YA8MzwdKzzHMhRiBLfo=;
        b=PNp4VaMXI/jJzmPLiuzX3alAkX+6wCZ9lxgVtQ6VYlq0PuOj1KeLRw5Nq9u3bECyO4
         7t2MJ9dipci12VKVhWN8/9YqOQuO5ZPSNHa1TaQ5ozPLjKQo+W95NvN3FmZcG9MyWMTU
         KdnvmlfPE6TWMXQmt6ddzqcKWrYLlWJsoYRiAbKfyJis+tgUinlWWHSgb8XimOnMlUsR
         GW2zaoyUNb0P1b3JJwuFX1iWQjTqT2vUYjA3fulPUfGI+pmOtGBMXwt6Z+k0j7cxJ1VL
         s5IaWpeENdlQ9CVZ/J0e2DuOqRm6vmpa9aCCdk8rLcE0JmBRrF5EtkUNCc3ysYaue5pv
         8Zjg==
X-Forwarded-Encrypted: i=1; AJvYcCWPYxXALY97QDi3WYpbg8EG/WzdMkWKRj8j7a2b6JXvy1u7rsNPbxYm+WT/n8ZlaM0/6Vg3XSuUsI6h3DnwX+6g8TG8DEFQerhyoHcdiys5ZHQgqUpNaE5HKX6ohOB/0EkAryuhVZyybSNuxGE=
X-Gm-Message-State: AOJu0YxHs1G+E7NZpmi7QqHLSZ1PaUhu6HQoFc8lbbciY2zFDdnGpg49
	5AvRHAJOJ3bK8D5DdNTkkwme2/z4T2VK7s1j5XA9Gh7aoEHr3pjg
X-Received: by 2002:a05:6512:1191:b0:513:42e:ddf0 with SMTP id g17-20020a056512119100b00513042eddf0mr3852061lfr.36.1709728265125;
        Wed, 06 Mar 2024 04:31:05 -0800 (PST)
Received: from rand-ubuntu-development.dl.local ([79.99.106.86])
        by smtp.gmail.com with ESMTPSA id z14-20020ac25dee000000b0051345b2b0d6sm475989lfq.258.2024.03.06.04.31.04
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 06 Mar 2024 04:31:04 -0800 (PST)
From: Rand Deeb <rand.sec96@gmail.com>
To: Michael Buesch <m@bues.ch>,
	linux-wireless@vger.kernel.org,
	linux-kernel@vger.kernel.org
Cc: kvalo@kernel.org,
	deeb.rand@confident.ru,
	lvc-project@linuxtesting.org,
	voskresenski.stanislav@confident.ru,
	khoroshilov@ispras.ru,
	Rand Deeb <rand.sec96@gmail.com>
Subject: [PATCH v3] ssb: Fix potential NULL pointer dereference in ssb_device_uevent
Date: Wed,  6 Mar 2024 15:30:28 +0300
Message-Id: <20240306123028.164155-1-rand.sec96@gmail.com>
X-Mailer: git-send-email 2.34.1
Precedence: bulk
X-Mailing-List: linux-wireless@vger.kernel.org
List-Id: <linux-wireless.vger.kernel.org>
List-Subscribe: <mailto:linux-wireless+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-wireless+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

The ssb_device_uevent function first attempts to convert the 'dev' pointer
to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before
performing the NULL check, potentially leading to a NULL pointer
dereference if 'dev' is NULL.

To fix this issue, this patch moves the NULL check before dereferencing the
'dev' pointer, ensuring that the pointer is valid before attempting to use
it.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Rand Deeb <rand.sec96@gmail.com>
---
 drivers/ssb/main.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c
index b9934b9c2d70..070a99a4180c 100644
--- a/drivers/ssb/main.c
+++ b/drivers/ssb/main.c
@@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv)
 
 static int ssb_device_uevent(const struct device *dev, struct kobj_uevent_env *env)
 {
-	const struct ssb_device *ssb_dev = dev_to_ssb_dev(dev);
+	const struct ssb_device *ssb_dev;
 
 	if (!dev)
 		return -ENODEV;
 
+	ssb_dev = dev_to_ssb_dev(dev);
+
 	return add_uevent_var(env,
 			     "MODALIAS=ssb:v%04Xid%04Xrev%02X",
 			     ssb_dev->id.vendor, ssb_dev->id.coreid,
-- 
2.34.1