[lvc-project] [PATCH] mmc: sh_mmcif: Add check for NULL for host->chan_yx and host->chan_rx in sh_mmcif_end_cmd

Анастасия Белова abelova at astralinux.ru
Fri Nov 18 16:26:58 MSK 2022


You are most likely right: these lines are reached only when dma is active, but it activates only if host->chan_tx (or host->chan_rx) is not NULL. 
   
   

-----Original Message-----

From: Wolfram <wsa+renesas at sang-engineering.com>
To: Anastasia <abelova at astralinux.ru>
Cc: Ulf <ulf.hansson at linaro.org>; Geert <geert+renesas at glider.be>; Jiasheng <jiasheng at iscas.ac.cn>; Teppei <teppei.kamijou.yb at renesas.com>; Guennadi <g.liakhovetski at gmx.de>; Shinya <shinya.kuribayashi.px at renesas.com>; Chris <cjb at laptop.org>; open list:MULTIMEDIA CARD (MMC), SECURE DIGITAL (SD) AND... <linux-mmc at vger.kernel.org>; open <linux-kernel at vger.kernel.org>; lvc-project <lvc-project at linuxtesting.org>
Date: Thursday, 17 November 2022 4:50 PM MSK
Subject: Re: [PATCH] mmc: sh_mmcif: Add check for NULL for host->chan_yx and host->chan_rx in sh_mmcif_end_cmd

On Thu, Nov 17, 2022 at 03:30:07PM +0300, Anastasia Belova wrote: 
> Without these checks NULL-pointer may be dereferenced in 
> sh_mmcif_end_cmd parameters inside if (data->flags & MMC_DATA_READ). 
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE. 

Is there a code path actually triggering it? I wonder because it seems 
to me the check for valid channels is already done a little above when 
DMA is started. And I'd assume once DMA has been started we can take for 
granted that we have a valid channel when unmapping. But maybe I am 
missing some error codepath? 

  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxtesting.org/pipermail/lvc-project/attachments/20221118/313bec49/attachment.html>


More information about the lvc-project mailing list