Received: by 2002:ab2:788f:0:b0:1ee:8f2e:70ae with SMTP id b15csp123419lqi; Wed, 6 Mar 2024 11:51:27 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXjlkyndpdkNIcJ+4Getg2PyrXxQWclTnHH7Nu38ITNS6TLGaGO/zng4P1gldcJjlNVdRakYc7lfcrSKsM+GARWVv4j+DypAUzMDvU5Qg== X-Google-Smtp-Source: AGHT+IGumtKTZ8zA3XX+XNqx8dFEKSIkfXluRe/O2TEcc3wYy9PV2JeH51QtyjYddNx55WapnKei X-Received: by 2002:a05:620a:8c05:b0:788:399a:3ae7 with SMTP id qz5-20020a05620a8c0500b00788399a3ae7mr6210100qkn.8.1709754687510; Wed, 06 Mar 2024 11:51:27 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709754687; cv=pass; d=google.com; s=arc-20160816; b=QwXG/6MBct5bdKAIezFVX2wAA+Sdbul3d8nTLnSJlsgrG5jgOEA570rK8ny4vHDMIy rYSvC+ELpt7tpaQsTreOJ7p94KtDnOmQW1h9cyiBG9iGuCoVxjkx7JOJg6Y6MGQFNmuM 5a6ZOwQ6RkiD+XtVam3CVNsIDzWlS9G6ytD1tGQn26isIZkyWpspHIXvhRKx4mo1766t Ra3r/MIwqdR2BU/bOouS/XqQqFMWxPwndo7oYh6oh2lzXxhdlsE7bo7EYj4E+WFPUM+O u7Hq2j6Z7WtxEumzY3s6YVb/9k69AmqsH5PilxsSAyOfTorLHzgWQ7OWmhsg+DO0REp3 I7VA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=S/5scSK9eywFVdWF/QT915II0GhypL657WWWqgaOSUY=; fh=KduiyWbOueYbN/cMkDJ6tDeUai8dhnHQXVZ0KNRO37E=; b=sIo8828Sj7bgtUvrG0rMj3F5uR3Jv/0NOOIoOfsWoLJMdyFnOJ4s4pPpbrfU0/A5gr SCih8MsCdxpfaUsYokU6YfVf3ZnsaQwTkUT0irnsrklh9as3yz3SkwiQpeB0DEfjH5iy xQ6wkQgrA6A5lpo4jnxMekZLcTo1azBw6dVvxCMmsSYfVqN7FHvc7E0d0dUOw0M/jcjj 6VtXMuQc2rjtJ+xY4UZXFzYd9aOuATlV5U1mUKXKAnpfrTChmiVz/+N3L0+uxsl0j7ba UTTK9gokfIsQzzYwxB03egPJvzLPReqDrjG5SlemLe2wC8n/c+x/00yL1wvaSknRRNe8 j3DA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=kq2KT4Gt; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-wireless+bounces-4444-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4444-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id v11-20020a05622a144b00b0042ef903c80asi2721433qtx.769.2024.03.06.11.51.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Mar 2024 11:51:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless+bounces-4444-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=kq2KT4Gt; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-wireless+bounces-4444-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4444-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 0E60F1C21314 for ; Wed, 6 Mar 2024 19:51:27 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AD14F13F437; Wed, 6 Mar 2024 19:51:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="kq2KT4Gt" X-Original-To: linux-wireless@vger.kernel.org Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 51B1B140E23; Wed, 6 Mar 2024 19:51:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.47 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709754683; cv=none; b=hRQOSd45DQywKYpLDvm3n+2Sdj/cWQu/8bLOO8nnPTRCkKqZpCQhALEAiWHwgDqS1dVndW0S9Rb36mojWs7RJINFp/pX2sVPl3NHsAZ6bCwzCVpEk0D/PthOmYEt5vCtM2LKks1pnazNVFCKHTgRLsQbZt3DgR4rrAwpOgx73BM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709754683; c=relaxed/simple; bh=gNDcxxtPCp3Ie6kOqVmKL+FqDqj4N2k7hc5kPZFFnic=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=oGpUMxbCmE8Iih2Pu9I84aY42nhWdTNN8+du+gGyIkP3UGa9jQskxKe/WXWHaKp5EVWApEixVYc9b0dfwS4IzvZLZVqpeZ/2qR7BGmQV9hGrvR4SxWHaqui0sney0vMth6ft72ZClc+/oIECLrnrihEbmHwU2+uIYqxn68IfOqw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=kq2KT4Gt; arc=none smtp.client-ip=209.85.216.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pj1-f47.google.com with SMTP id 98e67ed59e1d1-29b73143920so936030a91.1; Wed, 06 Mar 2024 11:51:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709754680; x=1710359480; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=S/5scSK9eywFVdWF/QT915II0GhypL657WWWqgaOSUY=; b=kq2KT4Gt1suf3xKSnNS2BOA5gDGIMPJ/L5d/J9SIovaLz+cft2ItZ525nEXJTTrGHU xMpUVhtTEpK0qxQX4JHm8RxMv/5pHlrD/JqJe3BLhsqz28bO7GloqJcc1vzJlhX8Z9Wv Mnls7p/EOWay6eYAlbMcr4iQlOSzmL0ro68VckqSZqwPxrkyt7MSYvFADNlUntYP6Op4 s9LffAxyXoW2ktHeJqfwT86PUcYTI0YX7v6hFJyYAPJ2Tz5MNUwfSrZztnhHimkIlCak LdW77mSKwHR1pFe0i97EXuEO0MowLfi5Brt6LQUNDXYXysrGS/fcrcmFu0QlbFH8Cj0L WBFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709754680; x=1710359480; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=S/5scSK9eywFVdWF/QT915II0GhypL657WWWqgaOSUY=; b=r95Ve1noupN7gRLH8oXN7J+FNNEBYZ0BjNGrcZX1corSxnf8CA1TfJgbBItOYXFdnE tBLyfGeDXG7krwIvPxK8y/CjHoG+DUPkmA58514PdTRGtOtDfOYoTc84xRzyxSBNyXyp iwq4pESOkuZyDxAitfL+E8CTT1a1qHmCvq3IjYFP9Gu555Hv/haKD5AdBjX+82QPimNW 4oxuCNzllUW1S4RHh4hYI67Yv4LtJvPtHWcW0zeb1i4cgqcAuamaTH5ADbnGPRiSUlPP 5mUjCISMsuPm6NhSIWd0lbRc/i/x5y8Dc6PEogrC21b/97gx8ROxMkoEUlp0338F3r/j ObTw== X-Forwarded-Encrypted: i=1; AJvYcCVtvQea1cyr4HvSZoK9/x1Jaw6+VIrbz+XV4darKb0vlUBr54iYvAjha/COMmoAksBTQFL1Z1O41rBMQ90L/U/VZidkh2e6AG20Sk7zLX4+4V3G7x7MJ6cbNmQOvS5EJu9mrhCPgq9CJvwYZgw= X-Gm-Message-State: AOJu0YwYCgc9xTZ+IkVfNfJSvcMSbO/6oKYBpamcw0Usuz/PsZr4/VzD +IohXwTwkh9A2tF5dsh35Xyzq0PkQYaekfiHTtzjYFPxOws3Zpaz1UV2f1wno15oqZg1dncUB7a dJMEipSJ4lP74aZl9jxC1pAkLdkY= X-Received: by 2002:a17:90a:d304:b0:29a:ad3b:6586 with SMTP id p4-20020a17090ad30400b0029aad3b6586mr1570003pju.5.1709754680437; Wed, 06 Mar 2024 11:51:20 -0800 (PST) Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240306123028.164155-1-rand.sec96@gmail.com> In-Reply-To: <20240306123028.164155-1-rand.sec96@gmail.com> From: Jonas Gorski Date: Wed, 6 Mar 2024 20:51:08 +0100 Message-ID: Subject: Re: [PATCH v3] ssb: Fix potential NULL pointer dereference in ssb_device_uevent To: Rand Deeb Cc: Michael Buesch , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, kvalo@kernel.org, deeb.rand@confident.ru, lvc-project@linuxtesting.org, voskresenski.stanislav@confident.ru, khoroshilov@ispras.ru Content-Type: text/plain; charset="UTF-8" Hi On Wed, 6 Mar 2024 at 13:32, Rand Deeb wrote: > > The ssb_device_uevent function first attempts to convert the 'dev' pointer > to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before > performing the NULL check, potentially leading to a NULL pointer > dereference if 'dev' is NULL. > > To fix this issue, this patch moves the NULL check before dereferencing the > 'dev' pointer, ensuring that the pointer is valid before attempting to use > it. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Rand Deeb > --- > drivers/ssb/main.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c > index b9934b9c2d70..070a99a4180c 100644 > --- a/drivers/ssb/main.c > +++ b/drivers/ssb/main.c > @@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) > > static int ssb_device_uevent(const struct device *dev, struct kobj_uevent_env *env) > { > - const struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); > + const struct ssb_device *ssb_dev; > > if (!dev) > return -ENODEV; > > + ssb_dev = dev_to_ssb_dev(dev); > + The NULL check is what needs to be fixed/removed, not the code surrounding it. This function will be called from dev_uevent() [1] where dev cannot be NULL. So a NULL dereference cannot happen. Most other implementors of bus_type::uevent have no NULL check. To be precise, there is only one other implementor with a NULL check, rio_uevent(), and none of the other ones have one. See e.g. bcma_device_uevent(), memstick_uevent(), mips_cdmm_uevent(), or fsl_mc_bus_uevent(). [1] https://elixir.bootlin.com/linux/v6.7.8/source/drivers/base/core.c#L2590 Best Regards, Jonas