Re: [PATCH] ata: dwc_460ex: Avoid potential NULL pointer dereference

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/24/19 11:28 AM, Jens Axboe wrote:
> On 3/4/19 4:08 PM, Aditya Pakki wrote:
>> dma_async_tx_descriptor can contain a NULL variable and using
>> it in dmaengine_submit without checking can crash the process.
>> This patch avoids such a scenario.
>>
>> Signed-off-by: Aditya Pakki <pakki001@xxxxxxx>
>> ---
>>  drivers/ata/sata_dwc_460ex.c | 6 ++++--
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/ata/sata_dwc_460ex.c b/drivers/ata/sata_dwc_460ex.c
>> index 6f142aa54f5f..44a0d7a1ef54 100644
>> --- a/drivers/ata/sata_dwc_460ex.c
>> +++ b/drivers/ata/sata_dwc_460ex.c
>> @@ -1052,8 +1052,10 @@ static void sata_dwc_bmdma_start_by_tag(struct ata_queued_cmd *qc, u8 tag)
>>  					SATA_DWC_DMACR_RXCHEN);
>>  
>>  		/* Enable AHB DMA transfer on the specified channel */
>> -		dmaengine_submit(desc);
>> -		dma_async_issue_pending(hsdevp->chan);
>> +		if (desc) {
>> +			dmaengine_submit(desc);
>> +			dma_async_issue_pending(hsdevp->chan);
>> +		}
>>  	}
>>  }
> 
> Hmm, if desc == NULL, is that an error condition?
> 
Jens,
In dmaengine_submit, the desc variable is dereferenced without a check for NULL.



[Index of Archives]     [Linux Filesystems]     [Linux SCSI]     [Linux RAID]     [Git]     [Kernel Newbies]     [Linux Newbie]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Samba]     [Device Mapper]

  Powered by Linux