CVE-2022-49424

Source
https://cve.org/CVERecord?id=CVE-2022-49424
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49424.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49424
Published
2025-02-26T02:12:46.209Z
Modified
2026-03-20T12:22:25.189931Z
Summary
iommu/mediatek: Fix NULL pointer dereference when printing dev_name
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/mediatek: Fix NULL pointer dereference when printing dev_name

When larbdev is NULL (in the case I hit, the node is incorrectly set iommus = <&iommu NUM>), it will cause device_link_add() to fail, and the kernel crashes when we try to print dev_name(larbdev).

Let's fail the probe if a larbdev is NULL to avoid invalid inputs from dts.

It should work for normal correct setting and avoid the crash caused by my incorrect setting.

Error log:
[ 18.189042][ T301] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050
...
[ 18.344519][ T301] pstate: a0400005 (NzCv daif +PAN -UAO)
[ 18.345213][ T301] pc : mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]
[ 18.346050][ T301] lr : mtk_iommu_probe_device+0xd0/0x118 [mtk_iommu]
[ 18.346884][ T301] sp : ffffffc00a5635e0
[ 18.347392][ T301] x29: ffffffc00a5635e0 x28: ffffffd44a46c1d8
[ 18.348156][ T301] x27: ffffff80c39a8000 x26: ffffffd44a80cc38
[ 18.348917][ T301] x25: 0000000000000000 x24: ffffffd44a80cc38
[ 18.349677][ T301] x23: ffffffd44e4da4c6 x22: ffffffd44a80cc38
[ 18.350438][ T301] x21: ffffff80cecd1880 x20: 0000000000000000
[ 18.351198][ T301] x19: ffffff80c439f010 x18: ffffffc00a50d0c0
[ 18.351959][ T301] x17: ffffffffffffffff x16: 0000000000000004
[ 18.352719][ T301] x15: 0000000000000004 x14: ffffffd44eb5d420
[ 18.353480][ T301] x13: 0000000000000ad2 x12: 0000000000000003
[ 18.354241][ T301] x11: 00000000fffffad2 x10: c0000000fffffad2
[ 18.355003][ T301] x9 : a0d288d8d7142d00 x8 : a0d288d8d7142d00
[ 18.355763][ T301] x7 : ffffffd44c2bc640 x6 : 0000000000000000
[ 18.356524][ T301] x5 : 0000000000000080 x4 : 0000000000000001
[ 18.357284][ T301] x3 : 0000000000000000 x2 : 0000000000000005
[ 18.358045][ T301] x1 : 0000000000000000 x0 : 0000000000000000
[ 18.360208][ T301] Hardware name: MT6873 (DT)
[ 18.360771][ T301] Call trace:
[ 18.361168][ T301] dump_backtrace+0xf8/0x1f0
[ 18.361737][ T301] dump_stack_lvl+0xa8/0x11c
[ 18.362305][ T301] dump_stack+0x1c/0x2c
[ 18.362816][ T301] mrdump_common_die+0x184/0x40c [mrdump]
[ 18.363575][ T301] ipanic_die+0x24/0x38 [mrdump]
[ 18.364230][ T301] atomic_notifier_call_chain+0x128/0x2b8
[ 18.364937][ T301] die+0x16c/0x568
[ 18.365394][ T301] __do_kernel_fault+0x1e8/0x214
[ 18.365402][ T301] do_page_fault+0xb8/0x678
[ 18.366934][ T301] do_translation_fault+0x48/0x64
[ 18.368645][ T301] do_mem_abort+0x68/0x148
[ 18.368652][ T301] el1_abort+0x40/0x64
[ 18.368660][ T301] el1h_64_sync_handler+0x54/0x88
[ 18.368668][ T301] el1h_64_sync+0x68/0x6c
[ 18.368673][ T301] mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]
...

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49424.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
77fbe028d5a3f7fc6060c4454ead9510533acd1e
Fixed
c3c2734e28d7fac50228c4d2b8896e8695adf304
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
18ea450ed1b60c1bb336f5efe874f61909ce7bec
Fixed
e9c63c0f73a1bbfd02624f5eae7e881df8b6830f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
635319a4a7444ca97124d781cd96deb277ff4d40
Fixed
8837c2682b9b2eed83e6212bcf79850c593a6fee
Fixed
de78657e16f41417da9332f09c2d67d100096939
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b7bf68272b6ae7c469854e2e054db1db1d158999

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49424.json"