From nobody Tue Apr 7 05:43:29 2026 Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1BA0A1D61BC for ; Sun, 15 Mar 2026 18:21:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773598884; cv=none; b=XQtBDSFJzn4Pi/zGEoLzDgU0s4pxZioHHHNe4CkOL1FApGIyPJ6UKBSZkJTW6CcCc5FECFEzAZ96EQngvujAQs1nk9X4yHTikfsdiFGovFEDbft3i0Bmn1Skhkjs4PQssbNtB6gMSZNT3VUazGq9qVDJMmzni32dGayN+iPORdQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773598884; c=relaxed/simple; bh=+G9BxPLMWlZdbbuwP5WfbskysP8kPMKf1+VYrKHNnEQ=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=O8K2ZLhRmHLqIVJd2FclzPkoBzJ0oeapZKOfvu3maQAvuSz/HPjsADQINtBQ8/VJ2ocqEZhxoDMgOZ09IdVmN5NNQ1moCu9ykDg/1OIjiORaGUAzDxaAE/I9/zOdc3RT4u5SsXHgn5BfCvexyikbQxj1R3k6+GtPduzZEI57qVo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ec8Zptqj; arc=none smtp.client-ip=209.85.128.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ec8Zptqj" Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-48541edecf9so41292765e9.1 for ; Sun, 15 Mar 2026 11:21:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773598880; x=1774203680; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=NzCLqV+L/stnitiVkEIjw4/HzxboUMGBqtCNLkqpAfI=; b=ec8ZptqjwxSDVuH9hA7pfQjfRA0r/UQpi+OqjJUadfu64xIQ7y3CmY9N9RjfBg4vCT GjLknoFxGS7evV2rxstKkg7Q4MtM+eSZe4vKt5BloW0BU1apWB2Ykz3JQCcnees8FM5b PDtUYbrlniSc5mAgulcnpOrm77v2n6wD4Lozvf4sKbXjf+3lsKbUA1Lzr+FpY/u3VOJT DQxCXG/cEH1UWydByNFur4nreH4TOgVbC4Ej+8oeQ3y1entfvVqNU7RyexmSLsdLnZVo JKBxn32w93v8Dqwg34wMzXUTdUbwP5ifODnYemIZ8I8A0bbSi9QvT+EZVsm8YyI4PoAc SE6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773598880; x=1774203680; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=NzCLqV+L/stnitiVkEIjw4/HzxboUMGBqtCNLkqpAfI=; b=HJocy4VizDoUAP5T63L74fzDOrZIcf1WlLuEnzUr9jFSsI56vf2V1p98FM9qPz95vN 2MLzXWoZSLWFn/QZ7LrUD16TChJYfyxdW4izL7mDd5N6BEVpExu8Bst7xXTMgtKtDSyv 5T8BH2JHdTF3SdvgYdB2unujNAvmQ759mBOZniZXOt79jfHCtijgV5v4b62bYfDCFZz7 QREYFbsBmMfAvKhxp7D2DsjQibmYYUxih4rwCXZnyAcfpNzgp8mBQrD2QfF2Dga9Ko4e mT7qoF+90MJTtVgc3xZtIrKmvhIloHqaNaSIV/nXfh0SX3glq39qWSH9uOriGdAn0I6u sxWA== X-Forwarded-Encrypted: i=1; AJvYcCU3Yi/g/hIutDMzIkSSVMWEI+l5SIt1jIHm0AtOJ5NB58XkqUbh3bPLMvIA5jpIsK/dJusTSWgWNkqgvJg=@vger.kernel.org X-Gm-Message-State: AOJu0YyGOBc5000hiPBYaUAHM3m1uEMlTAgarxFDdSFvW57IkqaM0POF F3Zt/zGx6l2qPjcy8OZ31g7wWI5ArRHRkdkm5CIOsoDkqsgeG9Fv4bNr X-Gm-Gg: ATEYQzyZrhpf/ePY/UzhCFN5szUzTJv9Lf6gwwTMYTcRcRM33gxTHA9KlqmtcxYE4VU nfx/yZJMSCYGcu3wWw7IkW277Z0taN3jqLloFcbwotL+vPMKUOdhLh/qky5jeCEMQQAELLDxcEz A1P1rJc9l4nnT95m+mcX4xkLwlJyTR9mytB4e+d1KBu7SHFFx47p0E9L0BAHFboJXF5jt9laPme 3afUbHsx1eQMggRKHHVyFDbT+WazVCuU6HHux6aVIMVLfcd4/FO4oXNaluxt54kgAlUInSPtRS+ t1tPYCa9dE6wpV4tCuHj5yRN5nEIgvU4RaAkwyP+yF0A+EK4AUGSpdUGhNBgStPtGfg0Y1DLwKU EUUM9JYSLP05rE89LEO+R1xrVh051dZYz9wZfYvxOsUNp6Wei1uFyZK3sQBv+CQJ1xDmMYNwBtN 2Ie9R5rIHtFMPoVArHui7txQWfBP9XniDKkpxSAcu9l/GfYWhitBSTV4w= X-Received: by 2002:a05:600c:8b72:b0:485:3c2d:d02b with SMTP id 5b1f17b1804b1-485566f7a1bmr159928615e9.22.1773598880173; Sun, 15 Mar 2026 11:21:20 -0700 (PDT) Received: from OaroraEtimis.tail60902c.ts.net ([2408:8956:4c20:952e:71d2:7185:4299:35a7]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48557a74266sm69575815e9.17.2026.03.15.11.21.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 15 Mar 2026 11:21:19 -0700 (PDT) From: Oarora Etimis X-Google-Original-From: Oarora Etimis To: vireshk@kernel.org, gregkh@linuxfoundation.org Cc: johan@kernel.org, elder@kernel.org, greybus-dev@lists.linaro.org, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, Oarora Etimis Subject: [PATCH] staging: greybus: bootrom: fix potential null pointer dereference Date: Mon, 16 Mar 2026 02:20:28 +0800 Message-ID: <20260315182028.133028-1-OaroraEtimis@gmail.com> X-Mailer: git-send-email 2.47.3 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In gb_bootrom_get_firmware(), the 'fw' pointer could be NULL if the function jumps to the 'unlock' label. The execution flow continues into the 'queue_work' block where 'fw->size' is accessed, leading to a null pointer dereference. Fix this by adding a NULL check for 'fw' before accessing its members. Signed-off-by: Oarora Etimis --- drivers/staging/greybus/bootrom.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/greybus/bootrom.c b/drivers/staging/greybus/bo= otrom.c index 83921d90c322..50c80475d241 100644 --- a/drivers/staging/greybus/bootrom.c +++ b/drivers/staging/greybus/bootrom.c @@ -298,7 +298,7 @@ static int gb_bootrom_get_firmware(struct gb_operation = *op) =20 queue_work: /* Refresh timeout */ - if (!ret && (offset + size =3D=3D fw->size)) + if (!ret && fw && (offset + size =3D=3D fw->size)) next_request =3D NEXT_REQ_READY_TO_BOOT; else next_request =3D NEXT_REQ_GET_FIRMWARE; --=20 2.47.3