dmaengine Archive on lore.kernel.org
 help / color / Atom feed
* Re: [PATCH] dma_async_tx_descriptor: Fix null pointer dereference
       [not found] <CAFAFadDGQusosHzwqY18bYWF8a3a1OK1+Sr_NtWMOvpFnpmgqA@mail.gmail.com>
@ 2020-06-24  7:44 ` Vinod Koul
  0 siblings, 0 replies; only message in thread
From: Vinod Koul @ 2020-06-24  7:44 UTC (permalink / raw)
  To: gaurav singh
  Cc: green.wan, dan.j.williams, palmer, paul.walmsley, dmaengine,
	linux-kernel

On 03-06-20, 22:59, gaurav singh wrote:
> The check: if (chan && (!len || !dest || !src)) indicates that chan can be
> NULL, however chan is dereferenced in multiple locations later without
> check. In the function: sf_pdma_alloc_desc() and later: chan->desc = desc;
> This can cause segmentation fault if chan is NULL and it doesn't return in
> the first check. To fix, this: add the check for chan right in the
> beginning.
> 
> Please find the patch below. Let me know if there's any issue.

1. please send using git-send-email
2. pls run checkpatch, below formatting is crap

> 
> Thank you.
> Gaurav.
> 
> >From a2f18613751b4ce5b0dba3a273a75957d872ccd3 Mon Sep 17 00:00:00 2001
> From: Gaurav Singh <gaurav1086@gmail.com>
> Date: Wed, 3 Jun 2020 22:52:31 -0400
> Subject: [PATCH] dma_async_tx_descriptor: Fix null pointer dereference

Care to explain which null pointer dereference?
Also reread Documentation/process/submitting-patches.rst esp word about
subject lines

> 
> ---
>  drivers/dma/sf-pdma/sf-pdma.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/dma/sf-pdma/sf-pdma.c b/drivers/dma/sf-pdma/sf-pdma.c
> index 6d0bec947636..0cbc7b379d11 100644
> --- a/drivers/dma/sf-pdma/sf-pdma.c
> +++ b/drivers/dma/sf-pdma/sf-pdma.c
> @@ -94,7 +94,11 @@ sf_pdma_prep_dma_memcpy(struct dma_chan *dchan,
> dma_addr_t dest, dma_addr_t src,
>   struct sf_pdma_chan *chan = to_sf_pdma_chan(dchan);
>   struct sf_pdma_desc *desc;
> 
> - if (chan && (!len || !dest || !src)) {
> + if (!chan) {
> + return NULL;
> + }
> +
> + if (!len || !dest || !src) {
>   dev_err(chan->pdma->dma_dev.dev,
>   "Please check dma len, dest, src!\n");
>   return NULL;
> -- 
> 2.17.1

-- 
~Vinod

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CAFAFadDGQusosHzwqY18bYWF8a3a1OK1+Sr_NtWMOvpFnpmgqA@mail.gmail.com>
2020-06-24  7:44 ` [PATCH] dma_async_tx_descriptor: Fix null pointer dereference Vinod Koul

dmaengine Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/dmaengine/0 dmaengine/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dmaengine dmaengine/ https://lore.kernel.org/dmaengine \
		dmaengine@vger.kernel.org
	public-inbox-index dmaengine

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.dmaengine


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git