lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20251114080634.2342-1-vulab@iscas.ac.cn>
Date: Fri, 14 Nov 2025 16:06:34 +0800
From: Haotian Zhang <vulab@...as.ac.cn>
To: Antonino Daplas <adaplas@...il.com>,
	Helge Deller <deller@....de>
Cc: linux-fbdev@...r.kernel.org,
	dri-devel@...ts.freedesktop.org,
	linux-kernel@...r.kernel.org,
	Haotian Zhang <vulab@...as.ac.cn>
Subject: [PATCH] fbdev/riva: Add NULL checks for pci_get_domain_bus_and_slot()

The pci_get_domain_bus_and_slot() function can return NULL
if the requested PCI device is not found. The
nForceUpdateArbitrationSettings() and nv10GetConfig()
do not check for this, which can lead to a NULL pointer dereference
when the returned pointer is used in pci_read_config_dword().

Add NULL checks immediately after the calls to
pci_get_domain_bus_and_slot() in both functions.

Fixes: e22810808354 ("video: fbdev: riva: deprecate pci_get_bus_and_slot()")
Signed-off-by: Haotian Zhang <vulab@...as.ac.cn>
---
 drivers/video/fbdev/riva/riva_hw.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/drivers/video/fbdev/riva/riva_hw.c b/drivers/video/fbdev/riva/riva_hw.c
index 8b829b720064..5b2f2d57c101 100644
--- a/drivers/video/fbdev/riva/riva_hw.c
+++ b/drivers/video/fbdev/riva/riva_hw.c
@@ -1100,6 +1100,10 @@ static void nForceUpdateArbitrationSettings
 	int domain = pci_domain_nr(pdev->bus);

 	dev = pci_get_domain_bus_and_slot(domain, 0, 3);
+	if (!dev) {
+		WARN_ON(1);
+		return;
+	}
 	pci_read_config_dword(dev, 0x6C, &uMClkPostDiv);
 	pci_dev_put(dev);
 	uMClkPostDiv = (uMClkPostDiv >> 8) & 0xf;
@@ -1115,6 +1119,10 @@ static void nForceUpdateArbitrationSettings
 	sim_data.enable_mp      = 0;

 	dev = pci_get_domain_bus_and_slot(domain, 0, 1);
+	if (!dev) {
+		WARN_ON(1);
+		return;
+	}
 	pci_read_config_dword(dev, 0x7C, &sim_data.memory_type);
 	pci_dev_put(dev);
 	sim_data.memory_type    = (sim_data.memory_type >> 12) & 1;
@@ -2085,11 +2093,19 @@ static void nv10GetConfig
 	 */
 	if(chipset == NV_CHIP_IGEFORCE2) {
 		dev = pci_get_domain_bus_and_slot(domain, 0, 1);
+		if (!dev) {
+			WARN_ON(1);
+			return;
+		}
 		pci_read_config_dword(dev, 0x7C, &amt);
 		pci_dev_put(dev);
 		chip->RamAmountKBytes = (((amt >> 6) & 31) + 1) * 1024;
 	} else if(chipset == NV_CHIP_0x01F0) {
 		dev = pci_get_domain_bus_and_slot(domain, 0, 1);
+		if (!dev) {
+			WARN_ON(1);
+			return;
+		}
 		pci_read_config_dword(dev, 0x84, &amt);
 		pci_dev_put(dev);
 		chip->RamAmountKBytes = (((amt >> 4) & 127) + 1) * 1024;
-- 
2.50.1.windows.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ