[lvc-project] [PATCH] mmc: sh_mmcif: Add check for NULL for host->chan_yx and host->chan_rx in sh_mmcif_end_cmd
Анастасия Белова
abelova at astralinux.ru
Fri Nov 18 16:26:58 MSK 2022
You are most likely right: these lines are reached only when dma is active, but it activates only if host->chan_tx (or host->chan_rx) is not NULL.
-----Original Message-----
From: Wolfram <wsa+renesas at sang-engineering.com>
To: Anastasia <abelova at astralinux.ru>
Cc: Ulf <ulf.hansson at linaro.org>; Geert <geert+renesas at glider.be>; Jiasheng <jiasheng at iscas.ac.cn>; Teppei <teppei.kamijou.yb at renesas.com>; Guennadi <g.liakhovetski at gmx.de>; Shinya <shinya.kuribayashi.px at renesas.com>; Chris <cjb at laptop.org>; open list:MULTIMEDIA CARD (MMC), SECURE DIGITAL (SD) AND... <linux-mmc at vger.kernel.org>; open <linux-kernel at vger.kernel.org>; lvc-project <lvc-project at linuxtesting.org>
Date: Thursday, 17 November 2022 4:50 PM MSK
Subject: Re: [PATCH] mmc: sh_mmcif: Add check for NULL for host->chan_yx and host->chan_rx in sh_mmcif_end_cmd
On Thu, Nov 17, 2022 at 03:30:07PM +0300, Anastasia Belova wrote:
> Without these checks NULL-pointer may be dereferenced in
> sh_mmcif_end_cmd parameters inside if (data->flags & MMC_DATA_READ).
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
Is there a code path actually triggering it? I wonder because it seems
to me the check for valid channels is already done a little above when
DMA is started. And I'd assume once DMA has been started we can take for
granted that we have a valid channel when unmapping. But maybe I am
missing some error codepath?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxtesting.org/pipermail/lvc-project/attachments/20221118/313bec49/attachment.html>
More information about the lvc-project
mailing list