usb: gadget: udc: aspeed-vhub: dev.c Add NULL check in the ast_vhub_init_dev When devm_kasprintf() fails, it returns a NULL pointer. However, this return value is not properly checked in the function ast_vhub_init_dev. A NULL check should be added after the devm_kasprintf call to prevent potential NULL pointer dereference error. CODE: struct ast_vhub_dev *d = &vhub->ports[idx].dev; struct device *parent = &vhub->pdev->dev; int rc; d->vhub = vhub; d->index = idx; d->name = devm_kasprintf(parent, GFP_KERNEL, "port%d", idx+1); d->regs = vhub->regs + 0x100 + 0x10 * idx; ast_vhub_init_ep0(vhub, &d->ep0, d);
On Fri, Mar 28, 2025 at 11:15:22AM +0000, bugzilla-daemon@kernel.org wrote: > When devm_kasprintf() fails, it returns a NULL pointer. However, this return > value is not properly checked in the function ast_vhub_init_dev. > > A NULL check should be added after the devm_kasprintf call to prevent > potential > NULL pointer dereference error. Please submit a patch for this if you feel it needs to be fixed up. thanks, greg k-h
Created attachment 307902 [details] attachment-31827-0.html We should first check devm_kasprintf() before setting d->vhub and d->index, so that if allocation fails, the d struct remains in a clean state. Patch code: int ast_vhub_init_dev(struct ast_vhub *vhub, unsigned int idx) { struct ast_vhub_dev *d = &vhub->ports[idx].dev; struct device *parent = &vhub->pdev->dev; int rc; /* First allocate the name (before modifying d->vhub/index) */ d->name = devm_kasprintf(parent, GFP_KERNEL, "port%d", idx + 1); if (!d->name) return -ENOMEM; /* Now safe to set vhub and index */ d->vhub = vhub; d->index = idx; d->regs = vhub->regs + 0x100 + 0x10 * idx; ast_vhub_init_ep0(vhub, &d->ep0, d); <bugzilla-daemon@kernel.org> 于2025年3月28日周五 19:27写道: > https://bugzilla.kernel.org/show_bug.cgi?id=219951 > > --- Comment #1 from Greg Kroah-Hartman (greg@kroah.com) --- > On Fri, Mar 28, 2025 at 11:15:22AM +0000, bugzilla-daemon@kernel.org > wrote: > > When devm_kasprintf() fails, it returns a NULL pointer. However, this > return > > value is not properly checked in the function ast_vhub_init_dev. > > > > A NULL check should be added after the devm_kasprintf call to prevent > > potential > > NULL pointer dereference error. > > Please submit a patch for this if you feel it needs to be fixed up. > > thanks, > > greg k-h > > -- > You may reply to this email to add a comment. > > You are receiving this mail because: > You reported the bug.
Created attachment 307903 [details] 0001-usb-gadget-aspeed-Null-Check-devm_kasprintf-return-i.patch This is patch file. henry martin <bsdhenrymartin@gmail.com> 于2025年3月28日周五 20:41写道: > We should first check devm_kasprintf() before setting d->vhub and > d->index, so that if allocation fails, the d struct remains in a clean > state. > > Patch code: > int ast_vhub_init_dev(struct ast_vhub *vhub, unsigned int idx) > { > struct ast_vhub_dev *d = &vhub->ports[idx].dev; > struct device *parent = &vhub->pdev->dev; > int rc; > > /* First allocate the name (before modifying d->vhub/index) */ > d->name = devm_kasprintf(parent, GFP_KERNEL, "port%d", idx + 1); > if (!d->name) > return -ENOMEM; > > /* Now safe to set vhub and index */ > d->vhub = vhub; > d->index = idx; > d->regs = vhub->regs + 0x100 + 0x10 * idx; > > ast_vhub_init_ep0(vhub, &d->ep0, d); > > <bugzilla-daemon@kernel.org> 于2025年3月28日周五 19:27写道: > >> https://bugzilla.kernel.org/show_bug.cgi?id=219951 >> >> --- Comment #1 from Greg Kroah-Hartman (greg@kroah.com) --- >> On Fri, Mar 28, 2025 at 11:15:22AM +0000, bugzilla-daemon@kernel.org >> wrote: >> > When devm_kasprintf() fails, it returns a NULL pointer. However, this >> return >> > value is not properly checked in the function ast_vhub_init_dev. >> > >> > A NULL check should be added after the devm_kasprintf call to prevent >> > potential >> > NULL pointer dereference error. >> >> Please submit a patch for this if you feel it needs to be fixed up. >> >> thanks, >> >> greg k-h >> >> -- >> You may reply to this email to add a comment. >> >> You are receiving this mail because: >> You reported the bug. > >
On Fri, Mar 28, 2025 at 01:14:23PM +0000, bugzilla-daemon@kernel.org wrote: > https://bugzilla.kernel.org/show_bug.cgi?id=219951 > > --- Comment #3 from henry (bsdhenrymartin@gmail.com) --- > This is patch file. Please read the kernel documentation for how to submit a patch in a way we can accept it. We can't take it through bugzilla, sorry.
Created attachment 307904 [details] attachment-24698-0.html Thank you for your feedback. I've now properly submitted this patch via email to the relevant mailing lists with you in CC, as required by the kernel submission process. Please let me know if there are any issues with the submission format or content that I should address. I'm happy to make any necessary adjustments. <bugzilla-daemon@kernel.org> 于2025年3月29日周六 05:08写道: > https://bugzilla.kernel.org/show_bug.cgi?id=219951 > > --- Comment #4 from Greg Kroah-Hartman (greg@kroah.com) --- > On Fri, Mar 28, 2025 at 01:14:23PM +0000, bugzilla-daemon@kernel.org > wrote: > > https://bugzilla.kernel.org/show_bug.cgi?id=219951 > > > > --- Comment #3 from henry (bsdhenrymartin@gmail.com) --- > > This is patch file. > > Please read the kernel documentation for how to submit a patch in a way > we can accept it. We can't take it through bugzilla, sorry. > > -- > You may reply to this email to add a comment. > > You are receiving this mail because: > You reported the bug.