1. Patchew
  2. linux
  3. View series

[PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm()

Ma Ke posted 1 patch 1 month, 2 weeks ago 
drivers/usb/typec/ucsi/displayport.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm()
Posted by Ma Ke 1 month, 2 weeks ago 
When dp->con->partner is an error, a NULL pointer dereference may occur.
Add a check for dp->con->partner to avoid dereferencing a NULL pointer.

Cc: stable@vger.kernel.org
Fixes: 372adf075a43 ("usb: typec: ucsi: Determine common SVDM Version")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
Changes in v2:
- added Cc stable line;
- fixed a typo.
---
 drivers/usb/typec/ucsi/displayport.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c
index 420af5139c70..ecc706e0800d 100644
--- a/drivers/usb/typec/ucsi/displayport.c
+++ b/drivers/usb/typec/ucsi/displayport.c
@@ -222,6 +222,8 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt,
 	switch (cmd_type) {
 	case CMDT_INIT:
 		if (PD_VDO_SVDM_VER(header) < svdm_version) {
+			if (IS_ERR_OR_NULL(dp->con->partner))
+				break;
 			typec_partner_set_svdm_version(dp->con->partner, PD_VDO_SVDM_VER(header));
 			svdm_version = PD_VDO_SVDM_VER(header);
 		}
-- 
2.25.1
Re: [PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm()
Posted by Greg KH 1 month, 2 weeks ago 
On Tue, Jul 23, 2024 at 10:13:44PM +0800, Ma Ke wrote:
> When dp->con->partner is an error, a NULL pointer dereference may occur.
> Add a check for dp->con->partner to avoid dereferencing a NULL pointer.
> 
> Cc: stable@vger.kernel.org
> Fixes: 372adf075a43 ("usb: typec: ucsi: Determine common SVDM Version")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>

How was this found?  How was it tested?  Given that the first version
didn't even build, it seems like this was never tested at all...

thanks,

greg k-h
Re: [PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm()
Posted by Dmitry Baryshkov 1 month, 2 weeks ago 
On Tue, Jul 23, 2024 at 10:13:44PM GMT, Ma Ke wrote:
> When dp->con->partner is an error, a NULL pointer dereference may occur.
> Add a check for dp->con->partner to avoid dereferencing a NULL pointer.
> 
> Cc: stable@vger.kernel.org
> Fixes: 372adf075a43 ("usb: typec: ucsi: Determine common SVDM Version")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> Changes in v2:
> - added Cc stable line;
> - fixed a typo.
> ---
>  drivers/usb/typec/ucsi/displayport.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c
> index 420af5139c70..ecc706e0800d 100644
> --- a/drivers/usb/typec/ucsi/displayport.c
> +++ b/drivers/usb/typec/ucsi/displayport.c
> @@ -222,6 +222,8 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt,
>  	switch (cmd_type) {
>  	case CMDT_INIT:
>  		if (PD_VDO_SVDM_VER(header) < svdm_version) {
> +			if (IS_ERR_OR_NULL(dp->con->partner))

Usually IS_ERR_OR_NULL is one of the red flags. It is either IS_ERR or
NULL, but not both.

Also could you please describe the path how we can end up here without a
proper dp->con->partner.

> +				break;
>  			typec_partner_set_svdm_version(dp->con->partner, PD_VDO_SVDM_VER(header));
>  			svdm_version = PD_VDO_SVDM_VER(header);
>  		}
> -- 
> 2.25.1
> 

-- 
With best wishes
Dmitry

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.