Received: by 2002:a89:2c3:0:b0:1ed:23cc:44d1 with SMTP id d3csp1031887lqs; Wed, 6 Mar 2024 04:32:45 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVx9f8t1Smb7XtEx2CTmxwKL6u+Fx/jzl8quxV7weyW/LapRlT8GLcLzejCM+ZjddeilaR8Ht1jWn6QqWILHQkDb6tVvR0qfNdxrLTspQ== X-Google-Smtp-Source: AGHT+IHTS3zifz0q00BxOaCvQ8DsI2Z7ePPLbraOMEdw3AQ+KQZq11pm7pLyWGMoAlgugzq5swHw X-Received: by 2002:a05:6214:494c:b0:690:46a8:93f with SMTP id pe12-20020a056214494c00b0069046a8093fmr5002246qvb.44.1709728365155; Wed, 06 Mar 2024 04:32:45 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709728365; cv=pass; d=google.com; s=arc-20160816; b=hV6Zu6bFG4EiXky+G7HW6gRUyP7NWSwsvTEx3iOyigdInNZWE4U4Rvsc4N1khQA/4/ /yy2WH1hy0lQdFAFSlUrNHdFElEuRX7RaBn7bj/0+gy16YLCQqpWM/c7xKgm7d22mR9y zrdVdkOgrVGZYnRlpgih8YKWWo6VQTZxgrCyS+ZiKqHxXfAigH86K9blaG7rljB5LhKj elcLqVIuKG7IninoIHK87uJPSpduATRrGdr2Dbl6kyQr+71hqCpCEU50naQsWiUqdvof xJYGhGuLqVJbYZsTpX4cOLyNP9TVk2gUN1WqaFa1ODxA6zDNXCZ1cyKzfWBuw2YofJCs VojQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=BGNo45CWdeWI1ssvFsIg1kI6YA8MzwdKzzHMhRiBLfo=; fh=9Ep+0qqPcN7Aj+JS0LggQDRfcXJ2wnDProgGdas2LXQ=; b=J+fYbOJhEzUnbeyDIzSe2QG3nr0r/EIHlOPsmHggQmuyzIAN+Fm50wtdAwiSkodY2n ww4ALjx9OiCh8zQv07VXqYPr7ZHUWhnWAh8Ji7ftJc2jAvn9tNS0oDLkwH1pU8bfmuva Y8b49fij/GSto33f8eb6DnEb72RD4jCFlpLbpUMu1LciIJpo++BofiU2OzXhXkAsoJQG rAgEUg0nh39a4QpNhM2gF+Jln+qbemUqOk7l81mGoTc5MH76DnN/Kolv50Zulhe2Kq8q zF8VkRftWfoLAc8WgFfE7D+BJ2OyPhJpp02KtQTNYzEshgtZ4mVA05DnCuYtZ1QCSX5E Wgcw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=flums+Ot; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id or32-20020a05621446a000b0068fd04b90b0si14199643qvb.103.2024.03.06.04.32.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Mar 2024 04:32:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=flums+Ot; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4432-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id E26E71C238BB for ; Wed, 6 Mar 2024 12:32:14 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 00DEA84A5A; Wed, 6 Mar 2024 12:31:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="flums+Ot" X-Original-To: linux-wireless@vger.kernel.org Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B7CC84A2A; Wed, 6 Mar 2024 12:31:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.41 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709728268; cv=none; b=VgvEuHFY3d6QwJSRHJ14X2yRGWWMjQRJW32CYI90rvh6cy8qmjkxqGbHEBXy3gFS75Mr1Et1JfgdZa1V/uXq1ly1b7PF/ysWTbF62+hkk+npMppZ6De99YLKLZHqFdgs8QFaQa+cdqu/0c/1IUk7XTP2drnb5sk/HeaIkojb/DA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709728268; c=relaxed/simple; bh=uKV+klLUjkMD5Ca8wpkNsN1iWWbCl3KEGL9BFSa3GBA=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=dcauqCOipTHW9rH5DJwPKsNqJamah6cEY6W0T/6QPUui4UMUhcPIiiZQfVnffueKXzjuEJWi9jYW/FvbCKxdzGJ8uJs6NhM5xcnhhqJFttMCSnekrY9uqo/ydcTWQ9E47/xAEvPkcYjFmb0qxIYgUWEuvEgHigQ0A9AwrdXLSBw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=flums+Ot; arc=none smtp.client-ip=209.85.167.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-5135540c40dso2077450e87.3; Wed, 06 Mar 2024 04:31:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709728265; x=1710333065; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=BGNo45CWdeWI1ssvFsIg1kI6YA8MzwdKzzHMhRiBLfo=; b=flums+OtCdmFpp6EjeMQ5Ua6uWwyRDH6pAZApsZP38VhPxN2wlDzYsByCKPtsa0vxF +Hcj/5XJus8ZKGbuDIrf22r/2qGzSkksSoP7QCujTGzd7kctVoXNBGmG4j3efyw+l7xW JdP4Bb7LYBth9/yewmCicfFnWs33K+HKxqYyGkdw09DOaZ6ZKZAMF5EC8l8QedBTsU5y B0eb+VQEnoJQPPNS8DYPZX2p7PAVYy5G+23bt0FMDVs1VUFRvb5y7uym0/vT/9nrKy4E OFmmPbE68T7p7n5rzrzUc9LGJHmF3h1Wpp6dx1WKMs+mkwR+cnGdePJ7R6f4K9zeTt7h 1U9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709728265; x=1710333065; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=BGNo45CWdeWI1ssvFsIg1kI6YA8MzwdKzzHMhRiBLfo=; b=PNp4VaMXI/jJzmPLiuzX3alAkX+6wCZ9lxgVtQ6VYlq0PuOj1KeLRw5Nq9u3bECyO4 7t2MJ9dipci12VKVhWN8/9YqOQuO5ZPSNHa1TaQ5ozPLjKQo+W95NvN3FmZcG9MyWMTU KdnvmlfPE6TWMXQmt6ddzqcKWrYLlWJsoYRiAbKfyJis+tgUinlWWHSgb8XimOnMlUsR GW2zaoyUNb0P1b3JJwuFX1iWQjTqT2vUYjA3fulPUfGI+pmOtGBMXwt6Z+k0j7cxJ1VL s5IaWpeENdlQ9CVZ/J0e2DuOqRm6vmpa9aCCdk8rLcE0JmBRrF5EtkUNCc3ysYaue5pv 8Zjg== X-Forwarded-Encrypted: i=1; AJvYcCWPYxXALY97QDi3WYpbg8EG/WzdMkWKRj8j7a2b6JXvy1u7rsNPbxYm+WT/n8ZlaM0/6Vg3XSuUsI6h3DnwX+6g8TG8DEFQerhyoHcdiys5ZHQgqUpNaE5HKX6ohOB/0EkAryuhVZyybSNuxGE= X-Gm-Message-State: AOJu0YxHs1G+E7NZpmi7QqHLSZ1PaUhu6HQoFc8lbbciY2zFDdnGpg49 5AvRHAJOJ3bK8D5DdNTkkwme2/z4T2VK7s1j5XA9Gh7aoEHr3pjg X-Received: by 2002:a05:6512:1191:b0:513:42e:ddf0 with SMTP id g17-20020a056512119100b00513042eddf0mr3852061lfr.36.1709728265125; Wed, 06 Mar 2024 04:31:05 -0800 (PST) Received: from rand-ubuntu-development.dl.local ([79.99.106.86]) by smtp.gmail.com with ESMTPSA id z14-20020ac25dee000000b0051345b2b0d6sm475989lfq.258.2024.03.06.04.31.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Mar 2024 04:31:04 -0800 (PST) From: Rand Deeb To: Michael Buesch , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Cc: kvalo@kernel.org, deeb.rand@confident.ru, lvc-project@linuxtesting.org, voskresenski.stanislav@confident.ru, khoroshilov@ispras.ru, Rand Deeb Subject: [PATCH v3] ssb: Fix potential NULL pointer dereference in ssb_device_uevent Date: Wed, 6 Mar 2024 15:30:28 +0300 Message-Id: <20240306123028.164155-1-rand.sec96@gmail.com> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit The ssb_device_uevent function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, this patch moves the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attempting to use it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Rand Deeb --- drivers/ssb/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c index b9934b9c2d70..070a99a4180c 100644 --- a/drivers/ssb/main.c +++ b/drivers/ssb/main.c @@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) static int ssb_device_uevent(const struct device *dev, struct kobj_uevent_env *env) { - const struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); + const struct ssb_device *ssb_dev; if (!dev) return -ENODEV; + ssb_dev = dev_to_ssb_dev(dev); + return add_uevent_var(env, "MODALIAS=ssb:v%04Xid%04Xrev%02X", ssb_dev->id.vendor, ssb_dev->id.coreid, -- 2.34.1