[PATCH] dma-debug: Avoid NULL dereference when checking sync

From: Maarten ter Huurne
Date: Mon Oct 31 2016 - 11:13:56 EST

Next message: KY Srinivasan: "RE: [PATCH] Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()"
Previous message: Colin King: "[PATCH] ath9k_htc: fix minor mistakes in dev_err messages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

check_sync() calls bucket_find_contain(), which in turn calls
dma_get_max_seg_size(), which dereferences the device pointer.

Signed-off-by: Maarten ter Huurne <maarten@xxxxxxxxxxxxxx>
---
lib/dma-debug.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/lib/dma-debug.c b/lib/dma-debug.c
index 8971370..84c6e88 100644
--- a/lib/dma-debug.c
+++ b/lib/dma-debug.c
@@ -1223,6 +1223,11 @@ static void check_sync(struct device *dev,
struct hash_bucket *bucket;
unsigned long flags;

+ if (!ref->dev) {
+ err_printk(dev, NULL, "DMA-API: device driver passes NULL for device to DMA sync function; cannot check usage\n");
+ return;
+ }
+
bucket = get_hash_bucket(ref, &flags);

entry = bucket_find_contain(&bucket, ref, &flags);
--
2.6.6

Next message: KY Srinivasan: "RE: [PATCH] Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()"
Previous message: Colin King: "[PATCH] ath9k_htc: fix minor mistakes in dev_err messages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]