Received: by 2002:a89:2c3:0:b0:1ed:23cc:44d1 with SMTP id d3csp1164143lqs; Wed, 6 Mar 2024 08:03:38 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUYMx+52r/IMoLKpAg4cKLPBDdi91esYPs6WE3ZNK81rB3VvvIWBILqNUvGam2wM4T7q+Dxvzz1IYZoyAeVP/lUpAyrodq5hS0g/DY2Qg== X-Google-Smtp-Source: AGHT+IFx4LV9KjesOnTb42CEIAeGgd0fVcKnlllPqYRbwYvkOD9ncqR0Uw8D2qs6/rI2KQnIQUAJ X-Received: by 2002:a17:902:d547:b0:1dc:ca39:11f9 with SMTP id z7-20020a170902d54700b001dcca3911f9mr734011plf.17.1709741017860; Wed, 06 Mar 2024 08:03:37 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709741017; cv=pass; d=google.com; s=arc-20160816; b=OHEqYFutsmeg2rG7U8tMQI0od+3bLZag8Hl6ZUmNCioCCfpXwDzPoG4CI+YkpvP0h5 N7H0tL17m3zJeTkm7L1mdMgDjZWpI1a9wwoEWzQDPo2Oo/ya3ZANeTVVFVyJ5biY+irq F6EDZOq8iXfZzUVi9a3skecJs/YLXHxO372f1FlbehypT45L+Ryi2TPqR3RUTXFdKUJp 4eYYHIy+z70ZrOQlb16ocU61Q7zIGaqI4xt7Z5K5s200n0H6U6nsZi+cr4Thkpu73tEQ ckuUUa5AoVjf4lxC8QNFS7UDhcI7Urqn6Q0X19wnS3kxnaBW9eA+LVhluIGXb+yzQYRH ijKg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=ckAyNtrP5c4f3cs2RoVpKPD8Gp7l9mit7Cq+JM89jOM=; fh=oOf7DlbGxCd1Cbzk27ZSoaK5I3yytnyBJpdSLKjBIrY=; b=ojoc5gki9m8rO+7XtWE4NNAKdXYha8TNplJbX+hxM+ERLDD1DGSX+mvEyhiopai/+Y uZao4wdcVkwSCabyfwH9vhRaJRFysFFeW8S+3fEYX41hGd8KSIzXzvK6GXYK4Juv72Jg Ns73GqMyWHwa/P0EpK/XlbHk8JyKlLABmiROEkDBYvS5E3l8tyqAdemh39BuEraQknYe Y0hjffmp+GvmCAbTo7695QFFvxZrSdqa+LaDlBv8wLW2LKXiaKy+iLqB1ahTP7jNoOTb S1CXtjkWvpEXxaRMGJPdD1K5tIbT5bRFeA98ZU/Iv6Qp7j569Bx6lXlWicVXfu9CfFMr E+TA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=dBfwpnqe; arc=pass (i=1 spf=pass spfdomain=quicinc.com dkim=pass dkdomain=quicinc.com dmarc=pass fromdomain=quicinc.com); spf=pass (google.com: domain of linux-wireless+bounces-4440-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4440-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id w9-20020a170902c78900b001dca82fc6c9si11763485pla.238.2024.03.06.08.03.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Mar 2024 08:03:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless+bounces-4440-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=dBfwpnqe; arc=pass (i=1 spf=pass spfdomain=quicinc.com dkim=pass dkdomain=quicinc.com dmarc=pass fromdomain=quicinc.com); spf=pass (google.com: domain of linux-wireless+bounces-4440-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4440-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 1E4F4B25162 for ; Wed, 6 Mar 2024 15:57:17 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 824E113540F; Wed, 6 Mar 2024 15:56:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="dBfwpnqe" X-Original-To: linux-wireless@vger.kernel.org Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F37B0134403; Wed, 6 Mar 2024 15:56:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709740594; cv=none; b=lRAVOWgvARLrE7pAiZ+Xak0z0anBCPPVe7M5IWKTIiUbfBMEWa2s8FJjGDDIqrcOemrRuUHt6x//W5r0/THTXFQrT+Z15+ERh91OCOsUFZvi7q6LvdDy3svWkmvj5MqVXr9PZR8wMxDRiyyhKZ+6sumzLBhLCq7Y7BH9vOGcMmA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709740594; c=relaxed/simple; bh=Oz32/wMDNQyZ+GUkfWFCbi2LxQFupaz1KvZmM94gXOg=; h=Message-ID:Date:MIME-Version:Subject:To:CC:References:From: In-Reply-To:Content-Type; b=IXjPYZqClXtRRz8PTNBO0kqIW22K+pFRgtn3h3WRH5Vzzui94pH/KUSM4io0q/UYH/BJMFrfUyIdfvqxxceEIySInjsp5t0oqCLFih4D7ERUNEAUxVjjD5xGsBMASVVdQ8O2Dsck3EGGHYwU2zqXAnpRp9GNzKTRRkARdvWNMLg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=dBfwpnqe; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Received: from pps.filterd (m0279871.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 426EOGkS023083; Wed, 6 Mar 2024 15:54:53 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= message-id:date:mime-version:subject:to:cc:references:from :in-reply-to:content-type:content-transfer-encoding; s= qcppdkim1; bh=ckAyNtrP5c4f3cs2RoVpKPD8Gp7l9mit7Cq+JM89jOM=; b=dB fwpnqesnlFVMUVteGHjp5KaK3Zrkg/rc6lB4t+xBIcfO2Y/pnWHd4NU49X3OE9uk dtK0u8xDZHxmTzu0T4wCFJ0Iqh6Cy4LU7yTLHYXfbOzu85oQ/Lsmx1Bkd2caYIwt upNff4oqQyh2AoABRYw32m+Rc9/gB/HRBqZJjYN7Tf873h67slwWMIjlpgLugdnB 2/JI/ycvZ2ZAaRznLscQ+e+A7fIwnpWcxMxwsBH3/3g1L8i+j5zvNcT+DesiEQ6e IDpFWP+o4JBFg4SIyPTR6CjfUUf0AM0YE/ANV+1fPTpoR6L3jHiNPxY6HTDyCjWM ZBQK1tDgk1AmvJJgrKvQ== Received: from nalasppmta04.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3wpjy3s619-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Mar 2024 15:54:53 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA04.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 426Fsq4e011446 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 6 Mar 2024 15:54:52 GMT Received: from [10.110.86.150] (10.80.80.8) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Wed, 6 Mar 2024 07:54:51 -0800 Message-ID: <0b9923a3-e9d9-40ba-8acd-a916785df769@quicinc.com> Date: Wed, 6 Mar 2024 07:54:50 -0800 Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3] ssb: Fix potential NULL pointer dereference in ssb_device_uevent Content-Language: en-US To: Rand Deeb , Michael Buesch , , CC: , , , , References: <20240306123028.164155-1-rand.sec96@gmail.com> From: Jeff Johnson In-Reply-To: <20240306123028.164155-1-rand.sec96@gmail.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: qQz6YbctqTfkH_2NapHeEo43O1Xy55CE X-Proofpoint-ORIG-GUID: qQz6YbctqTfkH_2NapHeEo43O1Xy55CE X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-06_10,2024-03-05_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 impostorscore=0 adultscore=0 priorityscore=1501 lowpriorityscore=0 mlxlogscore=683 suspectscore=0 phishscore=0 malwarescore=0 mlxscore=0 spamscore=0 clxscore=1011 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2402120000 definitions=main-2403060128 On 3/6/2024 4:30 AM, Rand Deeb wrote: > The ssb_device_uevent function first attempts to convert the 'dev' pointer > to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before > performing the NULL check, potentially leading to a NULL pointer > dereference if 'dev' is NULL. > > To fix this issue, this patch moves the NULL check before dereferencing the see "Describe your changes in imperative mood, e.g. "make xyzzy do frotz" instead of "[This patch] makes xyzzy do frotz" or "[I] changed xyzzy to do frotz", as if you are giving orders to the codebase to change its behaviour." so please use imperative mood: s/this patch moves/move/ > 'dev' pointer, ensuring that the pointer is valid before attempting to use > it. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Rand Deeb > --- > drivers/ssb/main.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c > index b9934b9c2d70..070a99a4180c 100644 > --- a/drivers/ssb/main.c > +++ b/drivers/ssb/main.c > @@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) > > static int ssb_device_uevent(const struct device *dev, struct kobj_uevent_env *env) > { > - const struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); > + const struct ssb_device *ssb_dev; > > if (!dev) > return -ENODEV; > > + ssb_dev = dev_to_ssb_dev(dev); > + > return add_uevent_var(env, > "MODALIAS=ssb:v%04Xid%04Xrev%02X", > ssb_dev->id.vendor, ssb_dev->id.coreid,