* [PATCH] dma-iommu: Add a check to avoid dereference null pointer in function iommu_dma_map_sg()
@ 2021-05-21 3:05 chenxiang
2021-05-21 10:36 ` Robin Murphy
0 siblings, 1 reply; 3+ messages in thread
From: chenxiang @ 2021-05-21 3:05 UTC (permalink / raw)
To: robin.murphy, will, joro, hch; +Cc: iommu, linuxarm, linuxarm
From: Xiang Chen <chenxiang66@hisilicon.com>
The issue is reported by tool TscanCode, and it is possible to deference
null pointer when prev is NULL which is the initial value.
Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com>
---
drivers/iommu/dma-iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
index 4cb63b2..88a4f34 100644
--- a/drivers/iommu/dma-iommu.c
+++ b/drivers/iommu/dma-iommu.c
@@ -1042,7 +1042,7 @@ static int iommu_dma_map_sg(struct device *dev, struct scatterlist *sg,
* iova_len == 0, thus we cannot dereference prev the first
* time through here (i.e. before it has a meaningful value).
*/
- if (pad_len && pad_len < s_length - 1) {
+ if (prev && pad_len && pad_len < s_length - 1) {
prev->length += pad_len;
iova_len += pad_len;
}
--
2.8.1
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] dma-iommu: Add a check to avoid dereference null pointer in function iommu_dma_map_sg()
2021-05-21 3:05 [PATCH] dma-iommu: Add a check to avoid dereference null pointer in function iommu_dma_map_sg() chenxiang
@ 2021-05-21 10:36 ` Robin Murphy
2021-05-21 12:34 ` chenxiang (M)
0 siblings, 1 reply; 3+ messages in thread
From: Robin Murphy @ 2021-05-21 10:36 UTC (permalink / raw)
To: chenxiang, will, joro, hch; +Cc: iommu, linuxarm, linuxarm
On 2021-05-21 04:05, chenxiang wrote:
> From: Xiang Chen <chenxiang66@hisilicon.com>
>
> The issue is reported by tool TscanCode, and it is possible to deference
> null pointer when prev is NULL which is the initial value.
No it isn't. This is literally explained in the comment visible in the
diff context below...
Robin.
> Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com>
> ---
> drivers/iommu/dma-iommu.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
> index 4cb63b2..88a4f34 100644
> --- a/drivers/iommu/dma-iommu.c
> +++ b/drivers/iommu/dma-iommu.c
> @@ -1042,7 +1042,7 @@ static int iommu_dma_map_sg(struct device *dev, struct scatterlist *sg,
> * iova_len == 0, thus we cannot dereference prev the first
> * time through here (i.e. before it has a meaningful value).
> */
> - if (pad_len && pad_len < s_length - 1) {
> + if (prev && pad_len && pad_len < s_length - 1) {
> prev->length += pad_len;
> iova_len += pad_len;
> }
>
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] dma-iommu: Add a check to avoid dereference null pointer in function iommu_dma_map_sg()
2021-05-21 10:36 ` Robin Murphy
@ 2021-05-21 12:34 ` chenxiang (M)
0 siblings, 0 replies; 3+ messages in thread
From: chenxiang (M) @ 2021-05-21 12:34 UTC (permalink / raw)
To: Robin Murphy, will, joro, hch; +Cc: iommu, linuxarm, linuxarm
在 2021/5/21 18:36, Robin Murphy 写道:
> On 2021-05-21 04:05, chenxiang wrote:
>> From: Xiang Chen <chenxiang66@hisilicon.com>
>>
>> The issue is reported by tool TscanCode, and it is possible to deference
>> null pointer when prev is NULL which is the initial value.
>
> No it isn't. This is literally explained in the comment visible in the
> diff context below...
>
> Robin.
ok, thanks
>
>> Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com>
>> ---
>> drivers/iommu/dma-iommu.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
>> index 4cb63b2..88a4f34 100644
>> --- a/drivers/iommu/dma-iommu.c
>> +++ b/drivers/iommu/dma-iommu.c
>> @@ -1042,7 +1042,7 @@ static int iommu_dma_map_sg(struct device *dev,
>> struct scatterlist *sg,
>> * iova_len == 0, thus we cannot dereference prev the first
>> * time through here (i.e. before it has a meaningful
>> value).
>> */
>> - if (pad_len && pad_len < s_length - 1) {
>> + if (prev && pad_len && pad_len < s_length - 1) {
>> prev->length += pad_len;
>> iova_len += pad_len;
>> }
>>
>
> .
>
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-05-21 12:34 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-21 3:05 [PATCH] dma-iommu: Add a check to avoid dereference null pointer in function iommu_dma_map_sg() chenxiang
2021-05-21 10:36 ` Robin Murphy
2021-05-21 12:34 ` chenxiang (M)
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.