| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bbbf2633-69cd-44c8-a94a-a36445121126@linaro.org>
Date: Mon, 23 Jun 2025 08:22:22 +0200
From: neil.armstrong@...aro.org
To: Nitin Rawat <quic_nitirawa@...cinc.com>, mani@...nel.org,
James.Bottomley@...senPartnership.com, martin.petersen@...cle.com,
bvanassche@....org, andersson@...nel.org, konrad.dybcio@....qualcomm.com,
dmitry.baryshkov@....qualcomm.com, quic_cang@...cinc.com, vkoul@...nel.org
Cc: linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-scsi@...r.kernel.org, Naresh Kamboju <naresh.kamboju@...aro.org>,
Aishwarya <aishwarya.tcv@....com>,
Ram Kumar Dwivedi <quic_rdwivedi@...cinc.com>
Subject: Re: [PATCH V2] scsi: ufs: qcom : Fix NULL pointer dereference in
ufs_qcom_setup_clocks
On 22/06/2025 19:51, Nitin Rawat wrote:
> Fix a NULL pointer dereference in ufs_qcom_setup_clocks due to an
> uninitialized 'host' variable. The variable 'phy' is now assigned
> after confirming 'host' is not NULL.
>
> Call Stack:
>
> Unable to handle kernel NULL pointer dereference at
> virtual address 0000000000000000
>
> ufs_qcom_setup_clocks+0x28/0x148 ufs_qcom (P)
> ufshcd_setup_clocks (drivers/ufs/core/ufshcd-priv.h:142)
> ufshcd_init (drivers/ufs/core/ufshcd.c:9468)
> ufshcd_pltfrm_init (drivers/ufs/host/ufshcd-pltfrm.c:504)
> ufs_qcom_probe+0x28/0x68 ufs_qcom
> platform_probe (drivers/base/platform.c:1404)
> really_probe (drivers/base/dd.c:579 drivers/base/dd.c:657)
> __driver_probe_device (drivers/base/dd.c:799)
> driver_probe_device (drivers/base/dd.c:829)
> __driver_attach (drivers/base/dd.c:1216)
> bus_for_each_dev (drivers/base/bus.c:370)
> driver_attach (drivers/base/dd.c:1234)
> bus_add_driver (drivers/base/bus.c:678)
> driver_register (drivers/base/driver.c:249)
> __platform_driver_register (drivers/base/platform.c:868)
> ufs_qcom_pltform_init+0x28/0xff8 ufs_qcom
> do_one_initcall (init/main.c:1274)
> do_init_module (kernel/module/main.c:3041)
> load_module (kernel/module/main.c:3511)
> init_module_from_file (kernel/module/main.c:3704)
> __arm64_sys_finit_module (kernel/module/main.c:3715.
>
> Reviewed-by: Manivannan Sadhasivam <mani@...nel.org>
> Fixes: 77d2fa54a945 ("scsi: ufs: qcom : Refactor phy_power_on/off calls")
> Tested-by: Dmitry Baryshkov <dmitry.baryshkov@....qualcomm.com> # sc8180x-primus
> Tested-by: Naresh Kamboju <naresh.kamboju@...aro.org>
> Reported-by: Aishwarya <aishwarya.tcv@....com>
> Closes: https://lore.kernel.org/lkml/20250620214408.11028-1-aishwarya.tcv@arm.com/
> Reported-by: Naresh Kamboju <naresh.kamboju@...aro.org>
> Closes: https://lore.kernel.org/linux-scsi/CA+G9fYuFQ2dBvYm1iB6rbwT=4b1c8e4NJ3yxqFPGZGUKH3GmMA@mail.gmail.com/T/#t
> Co-developed-by: Ram Kumar Dwivedi <quic_rdwivedi@...cinc.com>
> Signed-off-by: Ram Kumar Dwivedi <quic_rdwivedi@...cinc.com>
> Signed-off-by: Nitin Rawat <quic_nitirawa@...cinc.com>
> ---
> drivers/ufs/host/ufs-qcom.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c
> index ba4b2880279c..318dca7fe3d7 100644
> --- a/drivers/ufs/host/ufs-qcom.c
> +++ b/drivers/ufs/host/ufs-qcom.c
> @@ -1124,7 +1124,7 @@ static int ufs_qcom_setup_clocks(struct ufs_hba *hba, bool on,
> enum ufs_notify_change_status status)
> {
> struct ufs_qcom_host *host = ufshcd_get_variant(hba);
> - struct phy *phy = host->generic_phy;
> + struct phy *phy;
> int err;
>
> /*
> @@ -1135,6 +1135,8 @@ static int ufs_qcom_setup_clocks(struct ufs_hba *hba, bool on,
> if (!host)
> return 0;
>
> + phy = host->generic_phy;
> +
> switch (status) {
> case PRE_CHANGE:
> if (on) {
> --
> 2.48.1
>
Reviewed-by: Neil Armstrong <neil.armstrong@...aro.org>
Powered by blists - more mailing lists