[PATCH] drivers: core: prevent dereferencing of a null pointer in device_move()

From: Roman Smirnov
Date: Thu Mar 07 2024 - 08:12:18 EST

Next message: Hao Ge: "[PATCH] mm/page-flags: make PageMappingFlags return bool"
Previous message: Geert Uytterhoeven: "Re: [PATCH v5 2/3] dt-bindings: auxdisplay: Add bindings for generic 7-segment LED"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Parameter new_parent can be equal to NULL. In this case if the
drm_order parameter is equal to DRM_ORDER_DEV_AFTER_PARENT or
DRM_ORDER_PARENT_BEFORE_DEV, a null pointer will be dereferenced.

Found by Linux Verification Center (linuxtesting.org) with Svace.

Signed-off-by: Roman Smirnov <r.smirnov@xxxxxx>
Reviewed-by: Sergey Shtylyov <s.shtylyov@xxxxxx>
---
drivers/base/core.c | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/drivers/base/core.c b/drivers/base/core.c
index 9828da9b933c..9af7ccf56f42 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -4593,10 +4593,18 @@ int device_move(struct device *dev, struct device *new_parent,
case DPM_ORDER_NONE:
break;
case DPM_ORDER_DEV_AFTER_PARENT:
+ if (!new_parent) {
+ error = -EINVAL;
+ goto out;
+ }
device_pm_move_after(dev, new_parent);
devices_kset_move_after(dev, new_parent);
break;
case DPM_ORDER_PARENT_BEFORE_DEV:
+ if (!new_parent) {
+ error = -EINVAL;
+ goto out;
+ }
device_pm_move_before(new_parent, dev);
devices_kset_move_before(new_parent, dev);
break;
--
2.34.1

Next message: Hao Ge: "[PATCH] mm/page-flags: make PageMappingFlags return bool"
Previous message: Geert Uytterhoeven: "Re: [PATCH v5 2/3] dt-bindings: auxdisplay: Add bindings for generic 7-segment LED"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]