Linux-mmc Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] mmc: host: fix a possible null pointer access.
@ 2019-12-17  3:17 Pan Zhang
  2019-12-18 11:52 ` Ulf Hansson
  0 siblings, 1 reply; 4+ messages in thread
From: Pan Zhang @ 2019-12-17  3:17 UTC (permalink / raw)
  To: zhangpan26, hushiyuan, jh80.chung, ulf.hansson, p.zabel
  Cc: linux-mmc, linux-kernel

3419     if (host->slot &&
3420         (mmc_can_gpio_cd(host->slot->mmc) ||
3421          !mmc_card_is_removable(host->slot->mmc))) {
3422         ret = clk_prepare_enable(host->biu_clk);
3423         if (ret)
3424             return ret;
3425     }

We previously assumed 'host->slot' could be null (see line 3419).

The following situation is similar, so add a judgement.

Signed-off-by: Pan Zhang <zhangpan26@huawei.com>
---
 drivers/mmc/host/dw_mmc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c
index fc9d4d0..8e27c52 100644
--- a/drivers/mmc/host/dw_mmc.c
+++ b/drivers/mmc/host/dw_mmc.c
@@ -3454,7 +3454,7 @@ int dw_mci_runtime_resume(struct device *dev)
 	mci_writel(host, CTRL, SDMMC_CTRL_INT_ENABLE);
 
 
-	if (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)
+	if (host->slot && (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER))
 		dw_mci_set_ios(host->slot->mmc, &host->slot->mmc->ios);
 
 	/* Force setup bus to guarantee available clock output */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] mmc: host: fix a possible null pointer access.
  2019-12-17  3:17 [PATCH] mmc: host: fix a possible null pointer access Pan Zhang
@ 2019-12-18 11:52 ` Ulf Hansson
  2019-12-19  6:28   ` Pan Zhang
  0 siblings, 1 reply; 4+ messages in thread
From: Ulf Hansson @ 2019-12-18 11:52 UTC (permalink / raw)
  To: Pan Zhang
  Cc: hushiyuan, Jaehoon Chung, Philipp Zabel, linux-mmc,
	Linux Kernel Mailing List

On Tue, 17 Dec 2019 at 04:18, Pan Zhang <zhangpan26@huawei.com> wrote:
>
> 3419     if (host->slot &&
> 3420         (mmc_can_gpio_cd(host->slot->mmc) ||
> 3421          !mmc_card_is_removable(host->slot->mmc))) {
> 3422         ret = clk_prepare_enable(host->biu_clk);
> 3423         if (ret)
> 3424             return ret;
> 3425     }
>
> We previously assumed 'host->slot' could be null (see line 3419).
>
> The following situation is similar, so add a judgement.
>
> Signed-off-by: Pan Zhang <zhangpan26@huawei.com>
> ---
>  drivers/mmc/host/dw_mmc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c
> index fc9d4d0..8e27c52 100644
> --- a/drivers/mmc/host/dw_mmc.c
> +++ b/drivers/mmc/host/dw_mmc.c
> @@ -3454,7 +3454,7 @@ int dw_mci_runtime_resume(struct device *dev)
>         mci_writel(host, CTRL, SDMMC_CTRL_INT_ENABLE);
>
>
> -       if (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)
> +       if (host->slot && (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER))
>                 dw_mci_set_ios(host->slot->mmc, &host->slot->mmc->ios);

This shouldn't be a problem as the ->runtime_resume() callback can't
be invoked, unless there is a slot.

>
>         /* Force setup bus to guarantee available clock output */
> --
> 2.7.4
>

Kind regards
Uffe

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Re: [PATCH] mmc: host: fix a possible null pointer access.
  2019-12-18 11:52 ` Ulf Hansson
@ 2019-12-19  6:28   ` Pan Zhang
  2019-12-19  7:07     ` Ulf Hansson
  0 siblings, 1 reply; 4+ messages in thread
From: Pan Zhang @ 2019-12-19  6:28 UTC (permalink / raw)
  To: ulf.hansson, p.zabel, jh80.chung, zhangpan26, hushiyuan
  Cc: linux-mmc, linux-kernel

On Wed, 18 Dec 2019 at 7:52 p.m., Ulf Hansson <ulf.hansson@linaro.org> wrote:
>>
>> 3419     if (host->slot &&
>> 3420         (mmc_can_gpio_cd(host->slot->mmc) ||
>> 3421          !mmc_card_is_removable(host->slot->mmc))) {
>> 3422         ret = clk_prepare_enable(host->biu_clk);
>> 3423         if (ret)
>> 3424             return ret;
>> 3425     }
>>
>> We previously assumed 'host->slot' could be null (see line 3419).
>>
>> The following situation is similar, so add a judgement.
>>
>> Signed-off-by: Pan Zhang <zhangpan26@huawei.com>
>> ---
>>  drivers/mmc/host/dw_mmc.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c 
>> index fc9d4d0..8e27c52 100644
>> --- a/drivers/mmc/host/dw_mmc.c
>> +++ b/drivers/mmc/host/dw_mmc.c
>> @@ -3454,7 +3454,7 @@ int dw_mci_runtime_resume(struct device *dev)
>>         mci_writel(host, CTRL, SDMMC_CTRL_INT_ENABLE);
>>
>>
>> -       if (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)
>> +       if (host->slot && (host->slot->mmc->pm_flags & 
>> + MMC_PM_KEEP_POWER))
>>                 dw_mci_set_ios(host->slot->mmc, 
>> &host->slot->mmc->ios);

>This shouldn't be a problem as the ->runtime_resume() callback can't be invoked, unless there is a slot.

>>
>>         /* Force setup bus to guarantee available clock output */
>> --
>> 2.7.4
>>

If so, there is no need to assume host->slot pointer previously(line 3419)?


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Re: [PATCH] mmc: host: fix a possible null pointer access.
  2019-12-19  6:28   ` Pan Zhang
@ 2019-12-19  7:07     ` Ulf Hansson
  0 siblings, 0 replies; 4+ messages in thread
From: Ulf Hansson @ 2019-12-19  7:07 UTC (permalink / raw)
  To: Pan Zhang
  Cc: Philipp Zabel, Jaehoon Chung, hushiyuan, linux-mmc,
	Linux Kernel Mailing List

On Thu, 19 Dec 2019 at 07:28, Pan Zhang <zhangpan26@huawei.com> wrote:
>
> On Wed, 18 Dec 2019 at 7:52 p.m., Ulf Hansson <ulf.hansson@linaro.org> wrote:
> >>
> >> 3419     if (host->slot &&
> >> 3420         (mmc_can_gpio_cd(host->slot->mmc) ||
> >> 3421          !mmc_card_is_removable(host->slot->mmc))) {
> >> 3422         ret = clk_prepare_enable(host->biu_clk);
> >> 3423         if (ret)
> >> 3424             return ret;
> >> 3425     }
> >>
> >> We previously assumed 'host->slot' could be null (see line 3419).
> >>
> >> The following situation is similar, so add a judgement.
> >>
> >> Signed-off-by: Pan Zhang <zhangpan26@huawei.com>
> >> ---
> >>  drivers/mmc/host/dw_mmc.c | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c
> >> index fc9d4d0..8e27c52 100644
> >> --- a/drivers/mmc/host/dw_mmc.c
> >> +++ b/drivers/mmc/host/dw_mmc.c
> >> @@ -3454,7 +3454,7 @@ int dw_mci_runtime_resume(struct device *dev)
> >>         mci_writel(host, CTRL, SDMMC_CTRL_INT_ENABLE);
> >>
> >>
> >> -       if (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)
> >> +       if (host->slot && (host->slot->mmc->pm_flags &
> >> + MMC_PM_KEEP_POWER))
> >>                 dw_mci_set_ios(host->slot->mmc,
> >> &host->slot->mmc->ios);
>
> >This shouldn't be a problem as the ->runtime_resume() callback can't be invoked, unless there is a slot.
>
> >>
> >>         /* Force setup bus to guarantee available clock output */
> >> --
> >> 2.7.4
> >>
>
> If so, there is no need to assume host->slot pointer previously(line 3419)?
>

Yeah, there is probably more cases that has unnecessary "protection".

Kind regards
Uffe

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-17  3:17 [PATCH] mmc: host: fix a possible null pointer access Pan Zhang
2019-12-18 11:52 ` Ulf Hansson
2019-12-19  6:28   ` Pan Zhang
2019-12-19  7:07     ` Ulf Hansson

Linux-mmc Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-mmc/0 linux-mmc/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-mmc linux-mmc/ https://lore.kernel.org/linux-mmc \
		linux-mmc@vger.kernel.org
	public-inbox-index linux-mmc

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-mmc


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git