258420 – stge: fix null pointer dereference

Bug 258420 - stge: fix null pointer dereference

Summary: stge: fix null pointer dereference

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Mark Johnston

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-09-11 07:20 UTC by Tong Zhang
Modified:	2022-04-07 00:32 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
patch (1.04 KB, patch) 2021-09-11 07:20 UTC, Tong Zhang	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tong Zhang 2021-09-11 07:20:21 UTC

Created attachment 227824 [details]
patch

stge_attach() could fail at line 464, sc->sc_spec remains NULL when
calling stge_detach(), thus bus_release_resources() at line 704 will
trigger null pointer dereference. We need to check the nulliness before
calling bus_release_resources().

Comment 1 Tong Zhang 2022-03-29 06:09:31 UTC

Hi,
Just want to see if is there anyone actually looking at this patch/issue.

I also submitted it on GitHub and Phabricator.
https://reviews.freebsd.org/D34629
https://github.com/freebsd/freebsd-src/pull/594

Thanks,
- Tong

Comment 2 commit-hook freebsd_committer

2022-03-31 20:00:36 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=2108cc72906f274f30306570268434c4f8d23636

commit 2108cc72906f274f30306570268434c4f8d23636
Author:     Tong Zhang <ztong0001@gmail.com>
AuthorDate: 2022-03-31 18:16:55 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-03-31 19:54:56 +0000

    stge: fix null pointer dereference

    stge_attach() could fail at line 464, sc->sc_spec remains NULL when
    calling stge_detach(), thus bus_release_resources() at line 704 will
    trigger null pointer dereference. We need to check the nulliness before
    calling bus_release_resources().

    PR:             258420
    Reviewed by:    markj
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D34629

 sys/dev/stge/if_stge.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comment 3 commit-hook freebsd_committer

2022-04-07 00:31:13 UTC

A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=110b8112e5ebf2ba0f00479da1b7eafa83684d2e

commit 110b8112e5ebf2ba0f00479da1b7eafa83684d2e
Author:     Tong Zhang <ztong0001@gmail.com>
AuthorDate: 2022-03-31 18:16:55 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-04-07 00:30:45 +0000

    stge: fix null pointer dereference

    stge_attach() could fail at line 464, sc->sc_spec remains NULL when
    calling stge_detach(), thus bus_release_resources() at line 704 will
    trigger null pointer dereference. We need to check the nulliness before
    calling bus_release_resources().

    PR:             258420
    Reviewed by:    markj

    (cherry picked from commit 2108cc72906f274f30306570268434c4f8d23636)

 sys/dev/stge/if_stge.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comment 4 Mark Johnston freebsd_committer

2022-04-07 00:32:39 UTC

Thanks for the patch.