diff mbox series

crypto: ccp: Check for NULL PSP pointer at module unload

Message ID 20180726143759.20737.10855.stgit@tlendack-t1.amdoffice.net (mailing list archive)
State Accepted
Delegated to: Herbert Xu
Headers show
Series crypto: ccp: Check for NULL PSP pointer at module unload | expand

Commit Message

Tom Lendacky July 26, 2018, 2:37 p.m. UTC 
Should the PSP initialization fail, the PSP data structure will be
freed and the value contained in the sp_device struct set to NULL.
At module unload, psp_dev_destroy() does not check if the pointer
value is NULL and will end up dereferencing a NULL pointer.

Add a pointer check of the psp_data field in the sp_device struct
in psp_dev_destroy() and return immediately if it is NULL.

Cc: <stable@vger.kernel.org> # 4.16.x-
Fixes: 2a6170dfe755 ("crypto: ccp: Add Platform Security Processor (PSP) device support")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 drivers/crypto/ccp/psp-dev.c |    3 +++
 1 file changed, 3 insertions(+)

Comments

Gary R Hook July 26, 2018, 5:57 p.m. UTC | #1 
On 07/26/2018 09:37 AM, Tom Lendacky wrote:
> Should the PSP initialization fail, the PSP data structure will be
> freed and the value contained in the sp_device struct set to NULL.
> At module unload, psp_dev_destroy() does not check if the pointer
> value is NULL and will end up dereferencing a NULL pointer.
> 
> Add a pointer check of the psp_data field in the sp_device struct
> in psp_dev_destroy() and return immediately if it is NULL.
> 
> Cc: <stable@vger.kernel.org> # 4.16.x-
> Fixes: 2a6170dfe755 ("crypto: ccp: Add Platform Security Processor (PSP) device support")
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Acked-by: Gary R Hook <gary.hook@amd.com>

> ---
>   drivers/crypto/ccp/psp-dev.c |    3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
> index 9b59638..218739b 100644
> --- a/drivers/crypto/ccp/psp-dev.c
> +++ b/drivers/crypto/ccp/psp-dev.c
> @@ -858,6 +858,9 @@ void psp_dev_destroy(struct sp_device *sp)
>   {
>   	struct psp_device *psp = sp->psp_data;
>   
> +	if (!psp)
> +		return;
> +
>   	if (psp->sev_misc)
>   		kref_put(&misc_dev->refcount, sev_exit);
>   
>
Herbert Xu Aug. 3, 2018, 3:46 p.m. UTC | #2 
Tom Lendacky <thomas.lendacky@amd.com> wrote:
> Should the PSP initialization fail, the PSP data structure will be
> freed and the value contained in the sp_device struct set to NULL.
> At module unload, psp_dev_destroy() does not check if the pointer
> value is NULL and will end up dereferencing a NULL pointer.
> 
> Add a pointer check of the psp_data field in the sp_device struct
> in psp_dev_destroy() and return immediately if it is NULL.
> 
> Cc: <stable@vger.kernel.org> # 4.16.x-
> Fixes: 2a6170dfe755 ("crypto: ccp: Add Platform Security Processor (PSP) device support")
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Patch applied.  Thanks.
diff mbox series

Patch

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 9b59638..218739b 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -858,6 +858,9 @@  void psp_dev_destroy(struct sp_device *sp)
 {
 	struct psp_device *psp = sp->psp_data;
 
+	if (!psp)
+		return;
+
 	if (psp->sev_misc)
 		kref_put(&misc_dev->refcount, sev_exit);