tee: shm: Potential NULL dereference calling tee_shm_register()

get_user_pages_fast() can return zero in certain error paths. We should handle that or else it means we accidentally return ERR_PTR(0) which is NULL instead of an error pointer. The callers are not expecting that and will crash with a NULL dereference. Fixes: 033ddf12 ("tee: add register user memory") Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Jens Wiklander <jens.wiklander@linaro.org>

tee: shm: Potential NULL dereference calling tee_shm_register()
get_user_pages_fast() can return zero in certain error paths. We should handle that or else it means we accidentally return ERR_PTR(0) which is NULL instead of an error pointer. The callers are not expecting that and will crash with a NULL dereference. Fixes: 033ddf12 ("tee: add register user memory") Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Jens Wiklander <jens.wiklander@linaro.org>
2490cdf6 · Dan Carpenter · Jens Wiklander · c94f31b5 · 2490cdf6
显示空白变更内容
内联并排

Showing with 1 addition and 1 deletion

drivers/tee/tee_shm.c drivers/tee/tee_shm.c +1 -1

未找到文件。
--- a/drivers/tee/tee_shm.c
+++ b/drivers/tee/tee_shm.c
@@ -283,7 +283,7 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr,
 	if (rc > 0)
 		shm->num_pages = rc;
 	if (rc != num_pages) {
-		if (rc > 0)
+		if (rc >= 0)
 			rc = -ENOMEM;
 		ret = ERR_PTR(rc);
 		goto err;