From patchwork Wed Jun 10 17:23:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 11598435 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1DC94912 for ; Wed, 10 Jun 2020 17:24:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 051C22072E for ; Wed, 10 Jun 2020 17:24:16 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="o/K8gaqD" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726419AbgFJRYN (ORCPT ); Wed, 10 Jun 2020 13:24:13 -0400 Received: from userp2120.oracle.com ([156.151.31.85]:52436 "EHLO userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726254AbgFJRYM (ORCPT ); Wed, 10 Jun 2020 13:24:12 -0400 Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 05AHMcxD148306; Wed, 10 Jun 2020 17:24:09 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : mime-version : content-type; s=corp-2020-01-29; bh=xWK0SsPzdRxAbm5qxbxrT1uitLDVumqDlSt+PmBeNPI=; b=o/K8gaqDeyqshGD4gsikjHIw/FkJ7XOsyZN9xWiJ7TXbJrutOd8hDhUf1WzwchYnGl5Y B5ipiiH71U4TxiyLtiqq4efUO0qOursSupifIiBq34uebPQWCy4Ezj4vNP+3LWi58uri my00yvxmlUM69JpX4nimPwj18Zt5aKCh2P6qJDMB6tc4GrNBE4mErXaa51ShRyhoMh3x 4f4ZW4soc0/w8ofFGP0g1pDrR6N6giTsw6r1Vht0GHkXb6sfYds+jY/C2I8osqzZ6BsE kEa2NLY033Z7kY3gUdumC0llqtsZx9XpEjgUz6PwnITkGPwW7uv0Zyjq6XPHU1mW3WxE Ng== Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by userp2120.oracle.com with ESMTP id 31g3sn3hes-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 10 Jun 2020 17:24:09 +0000 Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 05AHNjfF099623; Wed, 10 Jun 2020 17:24:08 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userp3030.oracle.com with ESMTP id 31gn2ytpc7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 10 Jun 2020 17:24:08 +0000 Received: from abhmp0012.oracle.com (abhmp0012.oracle.com [141.146.116.18]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id 05AHO5RP012671; Wed, 10 Jun 2020 17:24:07 GMT Received: from mwanda (/41.57.98.10) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 10 Jun 2020 10:24:05 -0700 Date: Wed, 10 Jun 2020 20:23:59 +0300 From: Dan Carpenter To: Joshua Morris , Philip Kelleher Cc: Jens Axboe , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH 1/2] rsxx: Fix potential NULL dereference setting up debugfs Message-ID: <20200610172359.GB90634@mwanda> MIME-Version: 1.0 Content-Disposition: inline X-Mailer: git-send-email haha only kidding X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9648 signatures=668680 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 phishscore=0 malwarescore=0 bulkscore=0 adultscore=0 mlxlogscore=999 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2006100133 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9648 signatures=668680 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 priorityscore=1501 lowpriorityscore=0 impostorscore=0 cotscore=-2147483648 suspectscore=0 spamscore=0 bulkscore=0 malwarescore=0 phishscore=0 mlxscore=0 mlxlogscore=999 clxscore=1011 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2006100133 Sender: linux-block-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org The "card->gendisk" pointer is allocated in rsxx_setup_dev() but there is a module option "enable_blkdev" which lets people disable the block device. In that situation the "card->gendisk" pointer is NULL and it would lead to a NULL dereference here. Fixes: 36f988e978f8 ("rsxx: Adding in debugfs entries.") Signed-off-by: Dan Carpenter --- This patch is from static analysis. The patch is obviously harmless. So far as I can tell, the bug is real. But maybe a different solution is prefered? drivers/block/rsxx/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/block/rsxx/core.c b/drivers/block/rsxx/core.c index 10f6368117d81..6207449fa716f 100644 --- a/drivers/block/rsxx/core.c +++ b/drivers/block/rsxx/core.c @@ -228,6 +228,9 @@ static void rsxx_debugfs_dev_new(struct rsxx_cardinfo *card) struct dentry *debugfs_pci_regs; struct dentry *debugfs_cram; + if (!card->gendisk) + return; + card->debugfs_dir = debugfs_create_dir(card->gendisk->disk_name, NULL); if (IS_ERR_OR_NULL(card->debugfs_dir)) goto failed_debugfs_dir; From patchwork Wed Jun 10 17:24:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 11598437 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0236914E3 for ; Wed, 10 Jun 2020 17:25:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DCDE82070B for ; Wed, 10 Jun 2020 17:25:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="ytsotbX4" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726341AbgFJRZC (ORCPT ); Wed, 10 Jun 2020 13:25:02 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:54764 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726095AbgFJRZC (ORCPT ); Wed, 10 Jun 2020 13:25:02 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 05AHMLs9089394; Wed, 10 Jun 2020 17:24:59 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : mime-version : content-type : in-reply-to; s=corp-2020-01-29; bh=6OQAg/GSkape6JgCC1S+D4gsmrbv8peyHFGiheXUuGY=; b=ytsotbX4vVC1gMQZ6wNSB5HRCXhWyIZPwRFurGaulP75U8v+6FR0ShkmKGm25HqUor5x EQWYCxvnkK2ZZUO/GFBPj7NvRGX21RTmlZSTv/r/VVPqrGF3Q9geEJFDnvya1pgHL6+D Suda45vGCnRUH6KKnvblowVNXVrZGw19kmWpZDAPWqY1WvrVaOZgT71oGoYPWa0jxVoS K7OB30e4Wn31aZts5TprlItME2C9EHFfXt0sCJUfoAYcmQhQXTPtbrB7/3kR19gKXqGQ jMr+UoePjjo/vg5lG4k0/0zBzc1sLGvm3TVSg4eueYdc54tUbw100ISP9np15GHHH/+f Ww== Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by userp2130.oracle.com with ESMTP id 31g2jrbp1m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 10 Jun 2020 17:24:59 +0000 Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 05AHNjJo099715; Wed, 10 Jun 2020 17:24:59 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userp3030.oracle.com with ESMTP id 31gn2ytq9v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 10 Jun 2020 17:24:59 +0000 Received: from abhmp0003.oracle.com (abhmp0003.oracle.com [141.146.116.9]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id 05AHOw9f013073; Wed, 10 Jun 2020 17:24:58 GMT Received: from mwanda (/41.57.98.10) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 10 Jun 2020 10:24:57 -0700 Date: Wed, 10 Jun 2020 20:24:51 +0300 From: Dan Carpenter To: Joshua Morris , Philip Kelleher Cc: Jens Axboe , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH 2/2] rsxx: Return -EFAULT if copy_to_user() fails Message-ID: <20200610172451.GC90634@mwanda> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200610172359.GB90634@mwanda> X-Mailer: git-send-email haha only kidding X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9648 signatures=668680 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 phishscore=0 malwarescore=0 bulkscore=0 adultscore=0 mlxlogscore=999 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2006100133 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9648 signatures=668680 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 impostorscore=0 cotscore=-2147483648 priorityscore=1501 spamscore=0 suspectscore=0 lowpriorityscore=0 bulkscore=0 mlxlogscore=999 malwarescore=0 mlxscore=0 phishscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2006100133 Sender: linux-block-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org The copy_to_user() function returns the number of bytes remaining but we want to return -EFAULT to the user if it can't complete the copy. The "st" variable only holds zero on success or negative error codes on failure so the type should be int. Fixes: 36f988e978f8 ("rsxx: Adding in debugfs entries.") Signed-off-by: Dan Carpenter --- drivers/block/rsxx/core.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/block/rsxx/core.c b/drivers/block/rsxx/core.c index 6207449fa716f..558fa263acbc0 100644 --- a/drivers/block/rsxx/core.c +++ b/drivers/block/rsxx/core.c @@ -165,15 +165,17 @@ static ssize_t rsxx_cram_read(struct file *fp, char __user *ubuf, { struct rsxx_cardinfo *card = file_inode(fp)->i_private; char *buf; - ssize_t st; + int st; buf = kzalloc(cnt, GFP_KERNEL); if (!buf) return -ENOMEM; st = rsxx_creg_read(card, CREG_ADD_CRAM + (u32)*ppos, cnt, buf, 1); - if (!st) - st = copy_to_user(ubuf, buf, cnt); + if (!st) { + if (copy_to_user(ubuf, buf, cnt)) + st = -EFAULT; + } kfree(buf); if (st) return st;