| commit | edccf661e6205d5ffff73860ab22eaf08a611ad9 | |
| author | Daniel Henrique Barboza <danielhb413@gmail.com> | |
| Sat, 9 Apr 2022 20:08:56 +0000 (9 17:08 -0300) | ||
| committer | Daniel Henrique Barboza <danielhb413@gmail.com> | |
| Thu, 28 Jul 2022 13:31:54 +0000 (28 10:31 -0300) | ||
| tree | aa4480e68612129eb0e2ad12cf02e3ba24aa5af6 | treesnapshot (tar.gz zip) |
| parent | 3e4abe2c92964aadd35344a635b0f32cb487fd5c | commitdiff |
hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c
spapr_nvdimm_flush_completion_cb() and flush_worker_cb() are using the
DRC object returned by spapr_drc_index() without checking it for NULL.
In this case we would be dereferencing a NULL pointer when doing
SPAPR_NVDIMM(drc->dev) and PC_DIMM(drc->dev).
This can happen if, during a scm_flush(), the DRC object is wrongly
freed/released (e.g. a bug in another part of the code).
spapr_drc_index() would then return NULL in the callbacks.
Fixes: Coverity CID 1487108, 1487178
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20220409200856.283076-2-danielhb413@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
spapr_nvdimm_flush_completion_cb() and flush_worker_cb() are using the
DRC object returned by spapr_drc_index() without checking it for NULL.
In this case we would be dereferencing a NULL pointer when doing
SPAPR_NVDIMM(drc->dev) and PC_DIMM(drc->dev).
This can happen if, during a scm_flush(), the DRC object is wrongly
freed/released (e.g. a bug in another part of the code).
spapr_drc_index() would then return NULL in the callbacks.
Fixes: Coverity CID 1487108, 1487178
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20220409200856.283076-2-danielhb413@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
| hw/ppc/spapr_nvdimm.c | diffblobblamehistory |