On Mon, Feb 24, 2025 at 04:37:07PM +0800, jianqi.ren.cn@xxxxxxxxxxxxx wrote: > From: Rand Deeb <rand.sec96@xxxxxxxxx> > > [ Upstream commit 789c17185fb0f39560496c2beab9b57ce1d0cbe7 ] > > The ssb_device_uevent() function first attempts to convert the 'dev' pointer > to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before > performing the NULL check, potentially leading to a NULL pointer > dereference if 'dev' is NULL. > > To fix this issue, move the NULL check before dereferencing the 'dev' pointer, > ensuring that the pointer is valid before attempting to use it. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Rand Deeb <rand.sec96@xxxxxxxxx> > Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxx> > Link: https://msgid.link/20240306123028.164155-1-rand.sec96@xxxxxxxxx > Signed-off-by: Jianqi Ren <jianqi.ren.cn@xxxxxxxxxxxxx> > Signed-off-by: He Zhe <zhe.he@xxxxxxxxxxxxx> > --- > Verified the build test. > --- > drivers/ssb/main.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c > index d52e91258e98..aae50a5dfb57 100644 > --- a/drivers/ssb/main.c > +++ b/drivers/ssb/main.c > @@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) > > static int ssb_device_uevent(struct device *dev, struct kobj_uevent_env *env) > { > - struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); > + struct ssb_device *ssb_dev; > > if (!dev) > return -ENODEV; > > + ssb_dev = dev_to_ssb_dev(dev); This patch does nothing, sorry. It's impossible for dev to be null so no need to verify this and I guess I'll go reject the cve that was assigned to it as well as it's pointless. thanks, greg k-h
