git: fdd100a7150e - main - devctl: Add missing validation to DEV_RESET

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Mon, 07 Oct 2024 00:16:13 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=fdd100a7150e34d8d98cb38e701b3cb073208653

commit fdd100a7150e34d8d98cb38e701b3cb073208653
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-10-06 22:56:40 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-10-07 00:16:07 +0000

    devctl: Add missing validation to DEV_RESET
    
    As in other ioctls which access the parent bus, we need to check for a
    NULL parent here.  Otherwise it's possible to trigger a null pointer
    dereference by resetting the root device.
    
    Reported by:    Elliott Mitchell <ehem+freebsd@m5p.com>
    Reviewed by:    imp, kib
    Differential Revision:  https://reviews.freebsd.org/D46965
---
 sys/kern/subr_bus.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/kern/subr_bus.c b/sys/kern/subr_bus.c
index 7fe46995ee54..d0c41b59dbb6 100644
--- a/sys/kern/subr_bus.c
+++ b/sys/kern/subr_bus.c
@@ -5859,6 +5859,10 @@ devctl2_ioctl(struct cdev *cdev, u_long cmd, caddr_t data, int fflag,
 			error = EINVAL;
 			break;
 		}
+		if (device_get_parent(dev) == NULL) {
+			error = EINVAL;
+			break;
+		}
 		error = BUS_RESET_CHILD(device_get_parent(dev), dev,
 		    req->dr_flags);
 		break;