Source-Changes-HG archive


[src/trunk]: src/sys/dev Check the return value of device_lookup_private agai...



details:   https://anonhg.NetBSD.org/src/rev/bfbe174e9b81
branches:  trunk
changeset: 958140:bfbe174e9b81
user:      nia <nia%NetBSD.org@localhost>
date:      Sat Dec 26 14:50:50 2020 +0000

description:
Check the return value of device_lookup_private against NULL.

Reported-by: syzbot+06561ba90b6e618ce6d0%syzkaller.appspotmail.com@localhost

diffstat:

 sys/dev/fss.c |  18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)

diffs (60 lines):

diff -r f2e867a169e6 -r bfbe174e9b81 sys/dev/fss.c
--- a/sys/dev/fss.c     Sat Dec 26 10:56:25 2020 +0000
+++ b/sys/dev/fss.c     Sat Dec 26 14:50:50 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: fss.c,v 1.109 2020/02/23 15:46:39 ad Exp $     */
+/*     $NetBSD: fss.c,v 1.110 2020/12/26 14:50:50 nia Exp $    */
 
 /*-
  * Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: fss.c,v 1.109 2020/02/23 15:46:39 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fss.c,v 1.110 2020/12/26 14:50:50 nia Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -240,6 +240,9 @@
        cfdata_t cf;
        struct fss_softc *sc = device_lookup_private(&fss_cd, minor(dev));
 
+       if (sc == NULL)
+               return ENXIO;
+
        mflag = (mode == S_IFCHR ? FSS_CDEV_OPEN : FSS_BDEV_OPEN);
        error = 0;
 
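Review bot: The added `sc == NULL` test covers a minor with no attached unit, but `sc` is still fetched in the declaration, before any lock visible in this hunk is taken. If a unit can be detached while another thread is between the lookup and its first use of `sc`, the pointer would be non-NULL but stale, and this check cannot catch that; whether such a window exists depends on locking outside the hunk. If the function takes a driver-wide lock further down, doing the lookup and the NULL test under that lock would be the safer order. The same question applies to the `@@ -333,6 +342,9 @@` hunk, where `sc` is assigned above the visible lines; the enclosing function here starts and ends outside the hunk.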
@@ -283,6 +286,11 @@
        const bool write = ((bp->b_flags & B_READ) != B_READ);
        struct fss_softc *sc = device_lookup_private(&fss_cd, minor(bp->b_dev));
 
+       if (sc == NULL) {
+               bp->b_error = ENXIO;
+               goto done;
+       }
+
        mutex_enter(&sc->sc_slock);
 
        if (write || sc->sc_state != FSS_ACTIVE) {
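Review bot: Routing the NULL case through `goto done` gives the `done:` label two lock states, which is why the `@@ -303,7 +311,8 @@` hunk has to make `mutex_exit(&sc->sc_slock)` conditional on `sc != NULL`. Completing the buf in the NULL branch itself, replacing `goto done;` with `bp->b_resid = bp->b_bcount;`, `biodone(bp);` and `return;`, would keep the invariant that `done:` is only reached with `sc_slock` held and let the unlock stay unconditional. A single lock state at the label is easier to audit when another early exit is added later. The function body starts before this hunk and continues past it.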
@@ -303,7 +311,8 @@
        return;
 
 done:
-       mutex_exit(&sc->sc_slock);
+       if (sc != NULL)
+               mutex_exit(&sc->sc_slock);
        bp->b_resid = bp->b_bcount;
        biodone(bp);
 }
@@ -333,6 +342,9 @@
        struct fss_get50 *fsg50 = (struct fss_get50 *)data;
 #endif
 
+       if (sc == NULL)
+               return ENXIO;
+
        switch (cmd) {
        case FSSIOCSET50:
                fss = &_fss;


