Message ID | 20210415110654.1941580-1-colin.king@canonical.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 28ac8e03c43dfc6a703aa420d18222540b801120 |
Headers | show |
Series | dmaengine: idxd: Fix potential null dereference on pointer status | expand |
On 4/15/2021 4:06 AM, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > There are calls to idxd_cmd_exec that pass a null status pointer however > a recent commit has added an assignment to *status that can end up > with a null pointer dereference. The function expects a null status > pointer sometimes as there is a later assignment to *status where > status is first null checked. Fix the issue by null checking status > before making the assignment. > > Addresses-Coverity: ("Explicit null dereferenced") > Fixes: 89e3becd8f82 ("dmaengine: idxd: check device state before issue command") > Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Dave Jiang <dave.jiang@intel.com> Thanks! > --- > drivers/dma/idxd/device.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/dma/idxd/device.c b/drivers/dma/idxd/device.c > index 31c819544a22..78d2dc5e9bd8 100644 > --- a/drivers/dma/idxd/device.c > +++ b/drivers/dma/idxd/device.c > @@ -451,7 +451,8 @@ static void idxd_cmd_exec(struct idxd_device *idxd, int cmd_code, u32 operand, > > if (idxd_device_is_halted(idxd)) { > dev_warn(&idxd->pdev->dev, "Device is HALTED!\n"); > - *status = IDXD_CMDSTS_HW_ERR; > + if (status) > + *status = IDXD_CMDSTS_HW_ERR; > return; > } >
On 15-04-21, 12:06, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > There are calls to idxd_cmd_exec that pass a null status pointer however > a recent commit has added an assignment to *status that can end up > with a null pointer dereference. The function expects a null status > pointer sometimes as there is a later assignment to *status where > status is first null checked. Fix the issue by null checking status > before making the assignment. Applied, thanks
diff --git a/drivers/dma/idxd/device.c b/drivers/dma/idxd/device.c index 31c819544a22..78d2dc5e9bd8 100644 --- a/drivers/dma/idxd/device.c +++ b/drivers/dma/idxd/device.c @@ -451,7 +451,8 @@ static void idxd_cmd_exec(struct idxd_device *idxd, int cmd_code, u32 operand, if (idxd_device_is_halted(idxd)) { dev_warn(&idxd->pdev->dev, "Device is HALTED!\n"); - *status = IDXD_CMDSTS_HW_ERR; + if (status) + *status = IDXD_CMDSTS_HW_ERR; return; }