Re: [PATCH] dma_async_tx_descriptor: Fix null pointer dereference

[Vinod Koul]

On 03-06-20, 22:59, gaurav singh wrote:
> The check: if (chan && (!len || !dest || !src)) indicates that chan can be
> NULL, however chan is dereferenced in multiple locations later without
> check. In the function: sf_pdma_alloc_desc() and later: chan->desc = desc;
> This can cause segmentation fault if chan is NULL and it doesn't return in
> the first check. To fix, this: add the check for chan right in the
> beginning.
> 
> Please find the patch below. Let me know if there's any issue.

1. please send using git-send-email
2. pls run checkpatch, below formatting is crap

> 
> Thank you.
> Gaurav.
> 
> >From a2f18613751b4ce5b0dba3a273a75957d872ccd3 Mon Sep 17 00:00:00 2001
> From: Gaurav Singh <gaurav1086@xxxxxxxxx>
> Date: Wed, 3 Jun 2020 22:52:31 -0400
> Subject: [PATCH] dma_async_tx_descriptor: Fix null pointer dereference

Care to explain which null pointer dereference?
Also reread Documentation/process/submitting-patches.rst esp word about
subject lines

> 
> ---
>  drivers/dma/sf-pdma/sf-pdma.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/dma/sf-pdma/sf-pdma.c b/drivers/dma/sf-pdma/sf-pdma.c
> index 6d0bec947636..0cbc7b379d11 100644
> --- a/drivers/dma/sf-pdma/sf-pdma.c
> +++ b/drivers/dma/sf-pdma/sf-pdma.c
> @@ -94,7 +94,11 @@ sf_pdma_prep_dma_memcpy(struct dma_chan *dchan,
> dma_addr_t dest, dma_addr_t src,
>   struct sf_pdma_chan *chan = to_sf_pdma_chan(dchan);
>   struct sf_pdma_desc *desc;
> 
> - if (chan && (!len || !dest || !src)) {
> + if (!chan) {
> + return NULL;
> + }
> +
> + if (!len || !dest || !src) {
>   dev_err(chan->pdma->dma_dev.dev,
>   "Please check dma len, dest, src!\n");
>   return NULL;
> -- 
> 2.17.1

-- 
~Vinod