Message ID | 20240723141344.1331641-1-make24@iscas.ac.cn (mailing list archive) |
---|---|
State | New |
Series | [v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm() |
On Tue, Jul 23, 2024 at 10:13:44PM GMT, Ma Ke wrote: > When dp->con->partner is an error, a NULL pointer dereference may occur. > Add a check for dp->con->partner to avoid dereferencing a NULL pointer. > > Cc: stable@vger.kernel.org > Fixes: 372adf075a43 ("usb: typec: ucsi: Determine common SVDM Version") > Signed-off-by: Ma Ke <make24@iscas.ac.cn> > --- > Changes in v2: > - added Cc stable line; > - fixed a typo. > --- > drivers/usb/typec/ucsi/displayport.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c > index 420af5139c70..ecc706e0800d 100644 > --- a/drivers/usb/typec/ucsi/displayport.c > +++ b/drivers/usb/typec/ucsi/displayport.c > @@ -222,6 +222,8 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, > switch (cmd_type) { > case CMDT_INIT: > if (PD_VDO_SVDM_VER(header) < svdm_version) { > + if (IS_ERR_OR_NULL(dp->con->partner)) Usually IS_ERR_OR_NULL is one of the red flags. It is either IS_ERR or NULL, but not both. Also could you please describe the path how we can end up here without a proper dp->con->partner. > + break; > typec_partner_set_svdm_version(dp->con->partner, PD_VDO_SVDM_VER(header)); > svdm_version = PD_VDO_SVDM_VER(header); > } > -- > 2.25.1 >
On Tue, Jul 23, 2024 at 10:13:44PM +0800, Ma Ke wrote:
> When dp->con->partner is an error, a NULL pointer dereference may occur.
> Add a check for dp->con->partner to avoid dereferencing a NULL pointer.
>
> Cc: stable@vger.kernel.org
> Fixes: 372adf075a43 ("usb: typec: ucsi: Determine common SVDM Version")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>

How was this found? How was it tested? Given that the first version didn't even build, it seems like this was never tested at all...

thanks,

greg k-h
diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index 420af5139c70..ecc706e0800d 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -222,6 +222,8 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, switch (cmd_type) { case CMDT_INIT: if (PD_VDO_SVDM_VER(header) < svdm_version) { + if (IS_ERR_OR_NULL(dp->con->partner)) + break; typec_partner_set_svdm_version(dp->con->partner, PD_VDO_SVDM_VER(header)); svdm_version = PD_VDO_SVDM_VER(header); }
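Review bot: The guard added under `if (PD_VDO_SVDM_VER(header) < svdm_version)` uses IS_ERR_OR_NULL(), but the commit message describes only one failure ("When dp->con->partner is an error, a NULL pointer dereference may occur"), and nothing in the visible lines shows whether dp->con->partner can hold NULL, an ERR_PTR value, or both. Test for the one state the pointer can actually be in, and name the path that produces it in the changelog. Also, the `break` sits inside the CMDT_INIT case, so it leaves the whole switch: svdm_version keeps its old value and whatever the case does after this `if` block is skipped as well. If only the partner update should be skipped, guard just the typec_partner_set_svdm_version() call.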
When dp->con->partner is an error, a NULL pointer dereference may occur.
Add a check for dp->con->partner to avoid dereferencing a NULL pointer.

Cc: stable@vger.kernel.org
Fixes: 372adf075a43 ("usb: typec: ucsi: Determine common SVDM Version")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
Changes in v2:
- added Cc stable line;
- fixed a typo.
---
 drivers/usb/typec/ucsi/displayport.c | 2 ++
 1 file changed, 2 insertions(+)