[lvc-project] [PATCH v3] ssb: Fix potential NULL pointer dereference in ssb_device_uevent
Rand Deeb
rand.sec96 at gmail.com
Thu Mar 7 15:49:08 MSK 2024
On Wed, Mar 6, 2024 at 10:51 PM Jonas Gorski <jonas.gorski at gmail.com> wrote:
>
> Hi
>
> The NULL check is what needs to be fixed/removed, not the code
> surrounding it. This function will be called from dev_uevent() [1]
> where dev cannot be NULL. So a NULL dereference cannot happen.
>
> Most other implementors of bus_type::uevent have no NULL check. To be
> precise, there is only one other implementor with a NULL check,
> rio_uevent(), and none of the other ones have one. See e.g.
> bcma_device_uevent(), memstick_uevent(), mips_cdmm_uevent(), or
> fsl_mc_bus_uevent().
>
> [1]
https://elixir.bootlin.com/linux/v6.7.8/source/drivers/base/core.c#L2590
Hi Jonas,
Thank you for the feedback. To be precise there are actually 8 other
implementors (and potentially more) with a NULL check not just one
(parisc_uevent, serio_uevent, ipack_uevent, pci_uevent, pcmcia_bus_uevent,
rio_uevent, zorro_uevent, and soundbus_ueven).
After a second review, I totally concur with your observations. I quickly
judged, I believed there might be an alternative way to call the function
because it's not the only one with a null check, and actually the patch
version 1 got accknowleded, that's why i'm confused.
Given that null is improbable in this context due to the calls being made
through uevent, we should eliminate the redundant condition. In light of
this, would you recommend sending a new version (v4) of the patch with the
correct title and info, or do you think it would be more appropriate to
submit an entirely fresh patch? i'll also send patches to all of the
implementors.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxtesting.org/pipermail/lvc-project/attachments/20240307/d022d479/attachment.html>
More information about the lvc-project
mailing list