diff mbox series

[next] powerpc/vas: Fix potential NULL pointer dereference

Message ID 20211015050345.GA1161918@embeddedor (mailing list archive)
State Mainlined
Commit 61cb9ac66b30374c7fd8a8b2a3c4f8f432c72e36
Delegated to: Gustavo A. R. Silva
Headers show
Series [next] powerpc/vas: Fix potential NULL pointer dereference | expand

Commit Message

Gustavo A. R. Silva Oct. 15, 2021, 5:03 a.m. UTC 
(!ptr && !ptr->foo) strikes again. :)

The expression (!ptr && !ptr->foo) is bogus and in case ptr is NULL,
it leads to a NULL pointer dereference: ptr->foo.

Fix this by converting && to ||

This issue was detected with the help of Coccinelle, and audited and
fixed manually.

Fixes: 1a0d0d5ed5e3 ("powerpc/vas: Add platform specific user window operations")
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 arch/powerpc/platforms/book3s/vas-api.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Tyrel Datwyler Oct. 18, 2021, 9:09 p.m. UTC | #1 
On 10/14/21 10:03 PM, Gustavo A. R. Silva wrote:
> (!ptr && !ptr->foo) strikes again. :)
> 
> The expression (!ptr && !ptr->foo) is bogus and in case ptr is NULL,
> it leads to a NULL pointer dereference: ptr->foo.
> 
> Fix this by converting && to ||
> 
> This issue was detected with the help of Coccinelle, and audited and
> fixed manually.
> 
> Fixes: 1a0d0d5ed5e3 ("powerpc/vas: Add platform specific user window operations")
> Cc: stable@vger.kernel.org
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Looking at the usage pattern it is obvious that if we determine !ptr attempting
to also confirm !ptr->ops is going to blow up.

LGTM.

Reviewed-by: Tyrel Datwyler <tyreld@linux.ibm.com>

> ---
>  arch/powerpc/platforms/book3s/vas-api.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/powerpc/platforms/book3s/vas-api.c b/arch/powerpc/platforms/book3s/vas-api.c
> index 30172e52e16b..4d82c92ddd52 100644
> --- a/arch/powerpc/platforms/book3s/vas-api.c
> +++ b/arch/powerpc/platforms/book3s/vas-api.c
> @@ -303,7 +303,7 @@ static int coproc_ioc_tx_win_open(struct file *fp, unsigned long arg)
>  		return -EINVAL;
>  	}
> 
> -	if (!cp_inst->coproc->vops && !cp_inst->coproc->vops->open_win) {
> +	if (!cp_inst->coproc->vops || !cp_inst->coproc->vops->open_win) {
>  		pr_err("VAS API is not registered\n");
>  		return -EACCES;
>  	}
> @@ -373,7 +373,7 @@ static int coproc_mmap(struct file *fp, struct vm_area_struct *vma)
>  		return -EINVAL;
>  	}
> 
> -	if (!cp_inst->coproc->vops && !cp_inst->coproc->vops->paste_addr) {
> +	if (!cp_inst->coproc->vops || !cp_inst->coproc->vops->paste_addr) {
>  		pr_err("%s(): VAS API is not registered\n", __func__);
>  		return -EACCES;
>  	}
>
Gustavo A. R. Silva Oct. 18, 2021, 9:26 p.m. UTC | #2 
On Mon, Oct 18, 2021 at 02:09:31PM -0700, Tyrel Datwyler wrote:
> On 10/14/21 10:03 PM, Gustavo A. R. Silva wrote:
> > (!ptr && !ptr->foo) strikes again. :)
> > 
> > The expression (!ptr && !ptr->foo) is bogus and in case ptr is NULL,
> > it leads to a NULL pointer dereference: ptr->foo.
> > 
> > Fix this by converting && to ||
> > 
> > This issue was detected with the help of Coccinelle, and audited and
> > fixed manually.
> > 
> > Fixes: 1a0d0d5ed5e3 ("powerpc/vas: Add platform specific user window operations")
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> Looking at the usage pattern it is obvious that if we determine !ptr attempting
> to also confirm !ptr->ops is going to blow up.
> 
> LGTM.
> 
> Reviewed-by: Tyrel Datwyler <tyreld@linux.ibm.com>

Thanks, Tyrel.
--
Gustavo

> 
> > ---
> >  arch/powerpc/platforms/book3s/vas-api.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/arch/powerpc/platforms/book3s/vas-api.c b/arch/powerpc/platforms/book3s/vas-api.c
> > index 30172e52e16b..4d82c92ddd52 100644
> > --- a/arch/powerpc/platforms/book3s/vas-api.c
> > +++ b/arch/powerpc/platforms/book3s/vas-api.c
> > @@ -303,7 +303,7 @@ static int coproc_ioc_tx_win_open(struct file *fp, unsigned long arg)
> >  		return -EINVAL;
> >  	}
> > 
> > -	if (!cp_inst->coproc->vops && !cp_inst->coproc->vops->open_win) {
> > +	if (!cp_inst->coproc->vops || !cp_inst->coproc->vops->open_win) {
> >  		pr_err("VAS API is not registered\n");
> >  		return -EACCES;
> >  	}
> > @@ -373,7 +373,7 @@ static int coproc_mmap(struct file *fp, struct vm_area_struct *vma)
> >  		return -EINVAL;
> >  	}
> > 
> > -	if (!cp_inst->coproc->vops && !cp_inst->coproc->vops->paste_addr) {
> > +	if (!cp_inst->coproc->vops || !cp_inst->coproc->vops->paste_addr) {
> >  		pr_err("%s(): VAS API is not registered\n", __func__);
> >  		return -EACCES;
> >  	}
> > 
>
Gustavo A. R. Silva Oct. 26, 2021, 6:42 p.m. UTC | #3 
On Mon, Oct 18, 2021 at 02:09:31PM -0700, Tyrel Datwyler wrote:
> On 10/14/21 10:03 PM, Gustavo A. R. Silva wrote:
> > (!ptr && !ptr->foo) strikes again. :)
> > 
> > The expression (!ptr && !ptr->foo) is bogus and in case ptr is NULL,
> > it leads to a NULL pointer dereference: ptr->foo.
> > 
> > Fix this by converting && to ||
> > 
> > This issue was detected with the help of Coccinelle, and audited and
> > fixed manually.
> > 
> > Fixes: 1a0d0d5ed5e3 ("powerpc/vas: Add platform specific user window operations")
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> Looking at the usage pattern it is obvious that if we determine !ptr attempting
> to also confirm !ptr->ops is going to blow up.
> 
> LGTM.
> 
> Reviewed-by: Tyrel Datwyler <tyreld@linux.ibm.com>

I think I'll take this in my tree.

Thanks, Tyrel.
--
Gustavo
Michael Ellerman Oct. 26, 2021, 10:30 p.m. UTC | #4 
"Gustavo A. R. Silva" <gustavoars@kernel.org> writes:
> On Mon, Oct 18, 2021 at 02:09:31PM -0700, Tyrel Datwyler wrote:
>> On 10/14/21 10:03 PM, Gustavo A. R. Silva wrote:
>> > (!ptr && !ptr->foo) strikes again. :)
>> > 
>> > The expression (!ptr && !ptr->foo) is bogus and in case ptr is NULL,
>> > it leads to a NULL pointer dereference: ptr->foo.
>> > 
>> > Fix this by converting && to ||
>> > 
>> > This issue was detected with the help of Coccinelle, and audited and
>> > fixed manually.
>> > 
>> > Fixes: 1a0d0d5ed5e3 ("powerpc/vas: Add platform specific user window operations")
>> > Cc: stable@vger.kernel.org
>> > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
>> Looking at the usage pattern it is obvious that if we determine !ptr attempting
>> to also confirm !ptr->ops is going to blow up.
>> 
>> LGTM.
>> 
>> Reviewed-by: Tyrel Datwyler <tyreld@linux.ibm.com>
>
> I think I'll take this in my tree.

I've already put it in powerpc/next:

  https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=61cb9ac66b30374c7fd8a8b2a3c4f8f432c72e36

If you need to pick it up as well for some reason that's fine.

cheers
Gustavo A. R. Silva Oct. 26, 2021, 10:40 p.m. UTC | #5 
On Wed, Oct 27, 2021 at 09:30:53AM +1100, Michael Ellerman wrote:
[..]
> > I think I'll take this in my tree.
> 
> I've already put it in powerpc/next:
> 
>   https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=61cb9ac66b30374c7fd8a8b2a3c4f8f432c72e36

Oh, great. :)

> If you need to pick it up as well for some reason that's fine.

I just didn't  want it to get lost somehow. I'll drop it from tree now.

Thanks
--
Gustavo
Michael Ellerman Oct. 27, 2021, 11:21 a.m. UTC | #6 
"Gustavo A. R. Silva" <gustavoars@kernel.org> writes:
> On Wed, Oct 27, 2021 at 09:30:53AM +1100, Michael Ellerman wrote:
> [..]
>> > I think I'll take this in my tree.
>> 
>> I've already put it in powerpc/next:
>> 
>>   https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=61cb9ac66b30374c7fd8a8b2a3c4f8f432c72e36
>
> Oh, great. :)
>
>> If you need to pick it up as well for some reason that's fine.
>
> I just didn't  want it to get lost somehow. I'll drop it from tree now.

No worries, sorry I've been so slow lately.

cheers
Michael Ellerman Nov. 2, 2021, 10:11 a.m. UTC | #7 
On Fri, 15 Oct 2021 00:03:45 -0500, Gustavo A. R. Silva wrote:
> (!ptr && !ptr->foo) strikes again. :)
> 
> The expression (!ptr && !ptr->foo) is bogus and in case ptr is NULL,
> it leads to a NULL pointer dereference: ptr->foo.
> 
> Fix this by converting && to ||
> 
> [...]

Applied to powerpc/next.

[1/1] powerpc/vas: Fix potential NULL pointer dereference
      https://git.kernel.org/powerpc/c/61cb9ac66b30374c7fd8a8b2a3c4f8f432c72e36

cheers
diff mbox series

Patch

diff --git a/arch/powerpc/platforms/book3s/vas-api.c b/arch/powerpc/platforms/book3s/vas-api.c
index 30172e52e16b..4d82c92ddd52 100644
--- a/arch/powerpc/platforms/book3s/vas-api.c
+++ b/arch/powerpc/platforms/book3s/vas-api.c
@@ -303,7 +303,7 @@  static int coproc_ioc_tx_win_open(struct file *fp, unsigned long arg)
 		return -EINVAL;
 	}
 
-	if (!cp_inst->coproc->vops && !cp_inst->coproc->vops->open_win) {
+	if (!cp_inst->coproc->vops || !cp_inst->coproc->vops->open_win) {
 		pr_err("VAS API is not registered\n");
 		return -EACCES;
 	}
@@ -373,7 +373,7 @@  static int coproc_mmap(struct file *fp, struct vm_area_struct *vma)
 		return -EINVAL;
 	}
 
-	if (!cp_inst->coproc->vops && !cp_inst->coproc->vops->paste_addr) {
+	if (!cp_inst->coproc->vops || !cp_inst->coproc->vops->paste_addr) {
 		pr_err("%s(): VAS API is not registered\n", __func__);
 		return -EACCES;
 	}