From: Cong Ding <dinggnu-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Haojian Zhuang <haojian.zhuang-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Kyungmin Park <kmpark-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
	Wolfram Sang <w.sang-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>,
	Andrew Morton
	<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	Karol Lewandowski
	<k.lewandowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>,
	Haojian Zhuang
	<haojian.zhuang-eYqpPyKDWXRBDgjK7y7TUQ@public.gmane.org>,
	linux-i2c-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	"linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
	<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH v2] i2c: busses/i2c-pxa.c: fix potential null pointer dereference error
Date: Tue, 5 Feb 2013 11:25:40 +0100
Message-ID: <20130205102540.GC9969@gmail.com>
In-Reply-To: <CAN1soZwM6qNTJn3vvMdc6TR1eJHc=K+_c0WuWOBBuFYMWB_oCA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

On Tue, Feb 05, 2013 at 09:14:08AM +0800, Haojian Zhuang wrote:
> On Tue, Feb 5, 2013 at 8:05 AM, Cong Ding <dinggnu-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > If it goes to eclk through line 1107, the variable res would be NULL. It will
> > cause a null pointer dereference error if we call release_mem_region.
> >
> > Signed-off-by: Cong Ding <dinggnu-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> > ---
> >  drivers/i2c/busses/i2c-pxa.c |    3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c
> > index 1034d93..00df535 100644
> > --- a/drivers/i2c/busses/i2c-pxa.c
> > +++ b/drivers/i2c/busses/i2c-pxa.c
> > @@ -1211,7 +1211,8 @@ eremap:
> >  eclk:
> >         kfree(i2c);
> >  emalloc:
> > -       release_mem_region(res->start, resource_size(res));
> > +       if (res)
> > +               release_mem_region(res->start, resource_size(res));
> >         return ret;
> >  }
> >
> >
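Review bot: the `if (res)` guard at `emalloc:` only covers the paths where `res` is still NULL; it does not stop `release_mem_region()` from running for a region this probe never obtained. The `request_mem_region()` failure path quoted below jumps to `eclk` with a non-NULL `res`, falls through `emalloc:`, and releases a region the driver did not request. The guard also depends on `res` being initialised to NULL at its declaration, which this hunk does not show, because the `kzalloc()` failure jumps to `emalloc` before `res` is assigned. Suggest moving the release under its own label placed above `eclk:` and reached only after `request_mem_region()` has succeeded, so that earlier failures skip it and no NULL check is needed.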
> 
> No. I don't agree on this. Your fix can't resolve all potential issues.
> 
>         i2c = kzalloc(sizeof(struct pxa_i2c), GFP_KERNEL);
>         if (!i2c) {
>                 ret = -ENOMEM;
>                 goto emalloc;
>         }
> 
>         ret = i2c_pxa_probe_dt(dev, i2c, &i2c_type);
>         if (ret > 0)
>                 ret = i2c_pxa_probe_pdata(dev, i2c, &i2c_type);
>         if (ret < 0)
>                 goto eclk;
> 
>         res = platform_get_resource(dev, IORESOURCE_MEM, 0);
>         irq = platform_get_irq(dev, 0);
>         if (res == NULL || irq < 0) {
>                 ret = -ENODEV;
>                 goto eclk;
>         }
> 
>         if (!request_mem_region(res->start, resource_size(res), res->name)) {
>                 ret = -ENOMEM;
>                 goto eclk;
>         }
> 
> We shouldn't jump to eclk for these error cases. Then we needn't add
> checking on res.
So what do you suggest to do for these error cases?
 - cong
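
The label-ordering problem discussed in this message, as an added userspace model (not code from the thread or from i2c-pxa.c). All names are hypothetical; `release_model()` counts a release of a NULL or never-requested region instead of dereferencing it, and `probe_legacy()` mirrors the label order of the quoted hunk while `probe_ordered()` shows one possible reordering.

```c
#include <errno.h>
#include <stdlib.h>
/* Added userspace model; every name is hypothetical, not from i2c-pxa.c. */
enum stage { NONE, ALLOC, LOOKUP, REQUEST, MAP };  /* step forced to fail */
static int region, held, bad_releases;  /* region: constructed stand-in */

static void release_model(int *res) {
	if (res && held) held--; else bad_releases++;  /* NULL or never requested */
}

/* Label order of the quoted hunk: every failure path ends in a release. */
int probe_legacy(enum stage fail) {
	int *res = NULL, ret = -ENOMEM;
	void *ctx = (fail == ALLOC) ? NULL : malloc(16);
	if (!ctx) goto emalloc;
	res = (fail == LOOKUP) ? NULL : &region;
	if (!res) { ret = -ENODEV; goto eclk; }
	if (fail == REQUEST) goto eclk;          /* request refused */
	held++;
	ret = (fail == MAP) ? -EINVAL : 0;       /* model unwinds on success too */
eclk:
	free(ctx);
emalloc:
	release_model(res);
	return ret;
}

/* Reordered: each label undoes only the steps that succeeded before it. */
int probe_ordered(enum stage fail) {
	int *res = NULL, ret = -ENOMEM;
	void *ctx = (fail == ALLOC) ? NULL : malloc(16);
	if (!ctx) goto out;
	res = (fail == LOOKUP) ? NULL : &region;
	if (!res) { ret = -ENODEV; goto err_free; }
	if (fail == REQUEST) goto err_free;      /* region is not ours */
	held++;
	ret = (fail == MAP) ? -EINVAL : 0;       /* model unwinds on success too */
	release_model(res);
err_free:
	free(ctx);
out:
	return ret;
}

int count_bad(int (*probe)(enum stage)) {    /* wrong releases, all stages */
	held = bad_releases = 0;
	for (int s = NONE; s <= MAP; s++) probe((enum stage)s);
	return bad_releases;
}
int main(void) { return count_bad(probe_legacy) == 3 && count_bad(probe_ordered) == 0 ? 0 : 1; }
```

In the model, the legacy ladder performs a wrong release on the allocation, lookup and request failures, while the reordered ladder performs none and keeps the same return codes.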
