On Fri, Feb 24, 2023 at 06:47:48AM +0000, bugzilla-daemon@xxxxxxxxxx wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=217080
> ...
>
> miss a null check at
> https://elixir.bootlin.com/linux/latest/source/drivers/pci/pcie/aer.c#L383, and
> it may cause crash at pointer dereference. e.g.
> https://elixir.bootlin.com/linux/latest/source/drivers/pci/pcie/aer.c#L543

Thanks for the report. Have you actually observed a crash here?

The stats code was added by:

  12833017e581 ("PCI/AER: Add sysfs attributes for rootport cumulative stats")
  81aa5206f9a7 ("PCI/AER: Add sysfs attributes to provide AER stats and breakdown")
  db89ccbe52c7 ("PCI/AER: Define aer_stats structure for AER capable devices")

The alloc is in pci_aer_init(), which is called during enumeration:

  pci_device_add
    pci_init_capabilities
      pci_aer_init
        dev->aer_stats = kzalloc(sizeof(struct aer_stats), GFP_KERNEL);
    device_add
      device_add_attrs

The dev->aer_stats uses in these functions should be safe because they
test for NULL before dereferencing it:

  pci_dev_aer_stats_incr
  pci_rootport_aer_stats_incr

The uses in these sysfs DEVICE_ATTR_RO macros are a little more
subtle:

  aer_stats_dev_attr
  aer_stats_rootport_attr

They don't test for NULL, but visibility of these attributes is
controlled by aer_stats_attrs_are_visible(), which should only make
the attributes visible when dev->aer_stats is non-NULL.

That .is_visible() function is called inside device_add(), so it
happens after the kzalloc in pci_aer_init().

So I *think* the existing code is safe. But if you're seeing a crash,
obviously there's something wrong. If you can cause a crash, can you
provide a little more detail?

Bjorn
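
Added example, not part of the original message and not kernel code: a userspace C model of the ordering argument in the reply above, where allocation happens first, visibility is decided inside the device_add step, and the unguarded show path is reachable only through a visible attribute. Every `model_*` name is a hypothetical stand-in; only `aer_stats` and the function names mentioned in the comments come from the message.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model only: every model_* name is a simplified stand-in. */
struct aer_stats { unsigned long dev_total_cor_errs; };
struct model_dev { struct aer_stats *aer_stats; bool attr_visible; };

/* Stands in for pci_aer_init(): the allocation can fail, leaving NULL. */
static void model_aer_init(struct model_dev *dev, bool alloc_fails)
{
    dev->aer_stats = alloc_fails ? NULL : calloc(1, sizeof(*dev->aer_stats));
}

/* Stands in for the *_stats_incr helpers, which test for NULL themselves. */
static void model_stats_incr(struct model_dev *dev)
{
    if (!dev->aer_stats)
        return;
    dev->aer_stats->dev_total_cor_errs++;
}

/* Stands in for device_add(): the .is_visible() decision is made here,
 * after init, and an attribute is created only when stats were allocated. */
static void model_device_add(struct model_dev *dev)
{
    dev->attr_visible = (dev->aer_stats != NULL);
}

/* Stands in for a show() callback that dereferences without a NULL test. */
static long model_show(const struct model_dev *dev)
{
    return (long)dev->aer_stats->dev_total_cor_errs;
}

/* Enumerate one device, record one error, then read the attribute.
 * Returns the counter, or -1 when the attribute was never created. */
long model_enumerate_and_read(bool alloc_fails)
{
    struct model_dev dev = { 0 };
    long value = -1;

    model_aer_init(&dev, alloc_fails);
    model_device_add(&dev);
    model_stats_incr(&dev);
    if (dev.attr_visible)          /* show() is reachable only via the file */
        value = model_show(&dev);
    free(dev.aer_stats);
    return value;
}
```

The model holds only while the visibility decision runs after the allocation and the pointer is not cleared while the attribute still exists; a change that breaks either condition would need a NULL test in the show path.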