From patchwork Thu Aug  3 06:45:49 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Cyril Bur <cyril.bur@au1.ibm.com>
X-Patchwork-Id: 797011
Return-Path: <skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.ozlabs.org (lists.ozlabs.org [103.22.144.68])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3xNLGN6qbHz9s7v
	for <incoming@patchwork.ozlabs.org>;
	Thu,  3 Aug 2017 16:47:40 +1000 (AEST)
Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])
	by lists.ozlabs.org (Postfix) with ESMTP id 3xNLGN5vbXzDrLV
	for <incoming@patchwork.ozlabs.org>;
	Thu,  3 Aug 2017 16:47:40 +1000 (AEST)
X-Original-To: skiboot@lists.ozlabs.org
Delivered-To: skiboot@lists.ozlabs.org
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
	[148.163.156.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by lists.ozlabs.org (Postfix) with ESMTPS id 3xNLFB34JrzDrL2
	for <skiboot@lists.ozlabs.org>; Thu,  3 Aug 2017 16:46:38 +1000 (AEST)
Received: from pps.filterd (m0098410.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id
	v736ixTR107487
	for <skiboot@lists.ozlabs.org>; Thu, 3 Aug 2017 02:46:36 -0400
Received: from e23smtp05.au.ibm.com (e23smtp05.au.ibm.com [202.81.31.147])
	by mx0a-001b2d01.pphosted.com with ESMTP id 2c3x4v2ejm-1
	(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)
	for <skiboot@lists.ozlabs.org>; Thu, 03 Aug 2017 02:46:35 -0400
Received: from localhost
	by e23smtp05.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <skiboot@lists.ozlabs.org> from <cyril.bur@au1.ibm.com>;
	Thu, 3 Aug 2017 16:46:33 +1000
Received: from d23relay06.au.ibm.com (202.81.31.225)
	by e23smtp05.au.ibm.com (202.81.31.211) with IBM ESMTP SMTP Gateway:
	Authorized Use Only! Violators will be prosecuted;
	Thu, 3 Aug 2017 16:46:31 +1000
Received: from d23av04.au.ibm.com (d23av04.au.ibm.com [9.190.235.139])
	by d23relay06.au.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	v736kUsY20512944
	for <skiboot@lists.ozlabs.org>; Thu, 3 Aug 2017 16:46:30 +1000
Received: from d23av04.au.ibm.com (localhost [127.0.0.1])
	by d23av04.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id
	v736kThH013078
	for <skiboot@lists.ozlabs.org>; Thu, 3 Aug 2017 16:46:29 +1000
Received: from ozlabs.au.ibm.com (ozlabs.au.ibm.com [9.192.253.14])
	by d23av04.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id
	v736kTTj013072
	for <skiboot@lists.ozlabs.org>; Thu, 3 Aug 2017 16:46:29 +1000
Received: from camb691.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114])
	(using TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 763EBA0098
	for <skiboot@lists.ozlabs.org>; Thu,  3 Aug 2017 16:46:30 +1000 (AEST)
From: Cyril Bur <cyril.bur@au1.ibm.com>
To: skiboot@lists.ozlabs.org
Date: Thu,  3 Aug 2017 16:45:49 +1000
X-Mailer: git-send-email 2.13.3
In-Reply-To: <20170803064551.3439-1-cyril.bur@au1.ibm.com>
References: <20170803064551.3439-1-cyril.bur@au1.ibm.com>
X-TM-AS-MML: disable
x-cbid: 17080306-0016-0000-0000-0000025F6BB7
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 17080306-0017-0000-0000-000006E0EB67
Message-Id: <20170803064551.3439-10-cyril.bur@au1.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2017-08-03_03:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	spamscore=0 suspectscore=1
	malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
	adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000
	definitions=main-1708030104
Subject: [Skiboot] [PATCH 10/12] hw/xive: Fix NULL return value dereferences
	(CID 141079 & 141081)
X-BeenThere: skiboot@lists.ozlabs.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Mailing list for skiboot development <skiboot.lists.ozlabs.org>
List-Unsubscribe: <https://lists.ozlabs.org/options/skiboot>,
	<mailto:skiboot-request@lists.ozlabs.org?subject=unsubscribe>
List-Archive: <http://lists.ozlabs.org/pipermail/skiboot/>
List-Post: <mailto:skiboot@lists.ozlabs.org>
List-Help: <mailto:skiboot-request@lists.ozlabs.org?subject=help>
List-Subscribe: <https://lists.ozlabs.org/listinfo/skiboot>,
	<mailto:skiboot-request@lists.ozlabs.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "Skiboot"
	<skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Add NULL checks, it is highly likely that these situations are
'impossible', these checks only serve to be extra safe.

Fixes: CID 141079 and 141081
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
---
 hw/xive.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/xive.c b/hw/xive.c
index 03b9478e..b830ebe0 100644
--- a/hw/xive.c
+++ b/hw/xive.c
@@ -911,9 +911,11 @@ static void xive_init_emu_eq(uint32_t vp_blk, uint32_t vp_idx,
 static uint32_t *xive_get_eq_buf(uint32_t eq_blk, uint32_t eq_idx)
 {
 	struct xive *x = xive_from_vc_blk(eq_blk);
-	struct xive_eq *eq = xive_get_eq(x, eq_idx);
+	struct xive_eq *eq;
 	uint64_t addr;
 
+	assert(x);
+	eq = xive_get_eq(x, eq_idx);
 	assert(eq);
 	assert(eq->w0 & EQ_W0_VALID);
 	addr = (((uint64_t)eq->w2) & 0x0fffffff) << 32 | eq->w3;
@@ -2211,6 +2213,8 @@ static inline bool xive_eq_for_target(uint32_t target, uint8_t prio,
 
 	/* Find the VP structrure where we stashed the EQ number */
 	vp = xive_get_vp(x, vp_idx);
+	if (!vp)
+		return false;
 
 	/* Grab it, it's in the pressure relief interrupt field,
 	 * top 4 bits are the block (word 1).