1. Patchew
  2. linux
  3. View series

[PATCH] mmc: dw_mmc: Add a defensive check to prevent potential null-pointer dereferences in dw_mci_runtime_resume()

Tuo Li posted 1 patch 2 days, 9 hours ago 
drivers/mmc/host/dw_mmc.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
[PATCH] mmc: dw_mmc: Add a defensive check to prevent potential null-pointer dereferences in dw_mci_runtime_resume()
Posted by Tuo Li 2 days, 9 hours ago 
In this function, the variable host->slot is checked and then dereferenced
in several places which indicates it can be NULL, for example:

  if (host->slot && host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)
		dw_mci_set_ios(host->slot->mmc, &host->slot->mmc->ios);

However, in the following cases, host->slot is dereferenced without a
preceding NULL check, which introduces a risk of null-pointer dereference:

  dw_mci_setup_bus(host->slot, true);

  if (sdio_irq_claimed(host->slot->mmc))
    __dw_mci_enable_sdio_irq(host->slot, 1);

  dw_mci_enable_cd(host);

To prevent such issues, add a defensive check to ensure host->slot is not
NULL before dereferencing it.

Signed-off-by: Tuo Li <islituo@gmail.com>
---
 drivers/mmc/host/dw_mmc.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c
index 9e74b675e92d..e74dea0a32d4 100644
--- a/drivers/mmc/host/dw_mmc.c
+++ b/drivers/mmc/host/dw_mmc.c
@@ -3670,15 +3670,18 @@ int dw_mci_runtime_resume(struct device *dev)
 	if (host->slot && host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)
 		dw_mci_set_ios(host->slot->mmc, &host->slot->mmc->ios);
 
-	/* Force setup bus to guarantee available clock output */
-	dw_mci_setup_bus(host->slot, true);
 
-	/* Re-enable SDIO interrupts. */
-	if (sdio_irq_claimed(host->slot->mmc))
-		__dw_mci_enable_sdio_irq(host->slot, 1);
+	if (host->slot) {
+		/* Force setup bus to guarantee available clock output */
+		dw_mci_setup_bus(host->slot, true);
 
-	/* Now that slots are all setup, we can enable card detect */
-	dw_mci_enable_cd(host);
+		/* Re-enable SDIO interrupts. */
+		if (sdio_irq_claimed(host->slot->mmc))
+			__dw_mci_enable_sdio_irq(host->slot, 1);
+
+		/* Now that slots are all setup, we can enable card detect */
+		dw_mci_enable_cd(host);
+	}
 
 	return 0;
 
-- 
2.43.0
Re: [PATCH] mmc: dw_mmc: Add a defensive check to prevent potential null-pointer dereferences in dw_mci_runtime_resume()
Posted by Shawn Lin 2 days, 1 hour ago 
Hi Tuo,

在 2025/12/12 星期五 0:13, Tuo Li 写道:
> In this function, the variable host->slot is checked and then dereferenced
> in several places which indicates it can be NULL, for example:
> 
>    if (host->slot && host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)
> 		dw_mci_set_ios(host->slot->mmc, &host->slot->mmc->ios);
> 
> However, in the following cases, host->slot is dereferenced without a
> preceding NULL check, which introduces a risk of null-pointer dereference:
> 
>    dw_mci_setup_bus(host->slot, true);
> 
>    if (sdio_irq_claimed(host->slot->mmc))
>      __dw_mci_enable_sdio_irq(host->slot, 1);
> 
>    dw_mci_enable_cd(host);
> 
> To prevent such issues, add a defensive check to ensure host->slot is not
> NULL before dereferencing it.
> 

Thanks for your patch. we plan to remove the slot design
entirely soon, probably this cycle.

> Signed-off-by: Tuo Li <islituo@gmail.com>
> ---
>   drivers/mmc/host/dw_mmc.c | 17 ++++++++++-------
>   1 file changed, 10 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c
> index 9e74b675e92d..e74dea0a32d4 100644
> --- a/drivers/mmc/host/dw_mmc.c
> +++ b/drivers/mmc/host/dw_mmc.c
> @@ -3670,15 +3670,18 @@ int dw_mci_runtime_resume(struct device *dev)
>   	if (host->slot && host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)
>   		dw_mci_set_ios(host->slot->mmc, &host->slot->mmc->ios);
>   
> -	/* Force setup bus to guarantee available clock output */
> -	dw_mci_setup_bus(host->slot, true);
>   
> -	/* Re-enable SDIO interrupts. */
> -	if (sdio_irq_claimed(host->slot->mmc))
> -		__dw_mci_enable_sdio_irq(host->slot, 1);
> +	if (host->slot) {
> +		/* Force setup bus to guarantee available clock output */
> +		dw_mci_setup_bus(host->slot, true);
>   
> -	/* Now that slots are all setup, we can enable card detect */
> -	dw_mci_enable_cd(host);
> +		/* Re-enable SDIO interrupts. */
> +		if (sdio_irq_claimed(host->slot->mmc))
> +			__dw_mci_enable_sdio_irq(host->slot, 1);
> +
> +		/* Now that slots are all setup, we can enable card detect */
> +		dw_mci_enable_cd(host);
> +	}
>   
>   	return 0;
>
Re: [PATCH] mmc: dw_mmc: Add a defensive check to prevent potential null-pointer dereferences in dw_mci_runtime_resume()
Posted by Tuo Li 1 day, 20 hours ago 
Hi Shawn,

On Fri, Dec 12, 2025 at 8:28 AM Shawn Lin <shawn.lin@rock-chips.com> wrote:
>
> Hi Tuo,
>
> 在 2025/12/12 星期五 0:13, Tuo Li 写道:
> > In this function, the variable host->slot is checked and then dereferenced
> > in several places which indicates it can be NULL, for example:
> >
> >    if (host->slot && host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)
> >               dw_mci_set_ios(host->slot->mmc, &host->slot->mmc->ios);
> >
> > However, in the following cases, host->slot is dereferenced without a
> > preceding NULL check, which introduces a risk of null-pointer dereference:
> >
> >    dw_mci_setup_bus(host->slot, true);
> >
> >    if (sdio_irq_claimed(host->slot->mmc))
> >      __dw_mci_enable_sdio_irq(host->slot, 1);
> >
> >    dw_mci_enable_cd(host);
> >
> > To prevent such issues, add a defensive check to ensure host->slot is not
> > NULL before dereferencing it.
> >
>
> Thanks for your patch. we plan to remove the slot design
> entirely soon, probably this cycle.
>

Thanks for your feedback!

> > Signed-off-by: Tuo Li <islituo@gmail.com>
> > ---
> >   drivers/mmc/host/dw_mmc.c | 17 ++++++++++-------
> >   1 file changed, 10 insertions(+), 7 deletions(-)
> >
> > diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c
> > index 9e74b675e92d..e74dea0a32d4 100644
> > --- a/drivers/mmc/host/dw_mmc.c
> > +++ b/drivers/mmc/host/dw_mmc.c
> > @@ -3670,15 +3670,18 @@ int dw_mci_runtime_resume(struct device *dev)
> >       if (host->slot && host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)
> >               dw_mci_set_ios(host->slot->mmc, &host->slot->mmc->ios);
> >
> > -     /* Force setup bus to guarantee available clock output */
> > -     dw_mci_setup_bus(host->slot, true);
> >
> > -     /* Re-enable SDIO interrupts. */
> > -     if (sdio_irq_claimed(host->slot->mmc))
> > -             __dw_mci_enable_sdio_irq(host->slot, 1);
> > +     if (host->slot) {
> > +             /* Force setup bus to guarantee available clock output */
> > +             dw_mci_setup_bus(host->slot, true);
> >
> > -     /* Now that slots are all setup, we can enable card detect */
> > -     dw_mci_enable_cd(host);
> > +             /* Re-enable SDIO interrupts. */
> > +             if (sdio_irq_claimed(host->slot->mmc))
> > +                     __dw_mci_enable_sdio_irq(host->slot, 1);
> > +
> > +             /* Now that slots are all setup, we can enable card detect */
> > +             dw_mci_enable_cd(host);
> > +     }
> >
> >       return 0;
> >
>

Sincerely,
Tuo Li

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.