From: Joerg Roedel <jroedel-l3A5Bk7waGM@public.gmane.org>
To: Dan Carpenter <dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
Cc: will.deacon-5wv7dgnIgG8@public.gmane.org,
	iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Re: [bug report] iommu/arm-smmu: Make use of the iommu_register interface
Date: Wed, 22 Feb 2017 12:00:42 +0100
Message-ID: <20170222110042.GC4154@suse.de>
In-Reply-To: <20170215083648.GA12604@mwanda>

Hi Dan,

thanks for the report! There are more bogus things going on here.

On Wed, Feb 15, 2017 at 11:36:48AM +0300, Dan Carpenter wrote:
> The patch 9648cbc9625b: "iommu/arm-smmu: Make use of the 
> iommu_register interface" from Feb 1, 2017, leads to the following 
> Smatch complaint:
> 
> drivers/iommu/arm-smmu-v3.c:1810 arm_smmu_remove_device()
> 	 warn: variable dereferenced before check 'master' (see line 1809)
> 
> drivers/iommu/arm-smmu-v3.c
>   1808		master = fwspec->iommu_priv;
>   1809		smmu = master->smmu;
>                        ^^^^^^^^^^^^
> New dereference.
> 
>   1810		if (master && master->ste.valid)
>                     ^^^^^^
> Old code checked for NULL.
> 
>   1811			arm_smmu_detach_dev(dev);
>   1812		iommu_group_remove_device(dev);

So the master pointer comes from fwspec->iommu_priv, and master is freed
later in the function. But I can't find where the fwspec->iommu_priv
pointer is cleared. To me it looks like this breaks when a device is
removed and then added again.

Robin, Will, can you have a look please?


Thanks,

	Joerg
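
An added illustration, not part of the message above and not the arm-smmu-v3 driver code: a simplified user-space C model of a remove path that checks `master` before the first dereference and clears `iommu_priv` after freeing it. The `*_model` types and functions, and the add path reusing a non-NULL `iommu_priv`, are assumptions made for this example.

```c
#include <stdlib.h>

/* Simplified user-space stand-ins for the kernel structures (assumed shapes). */
struct smmu_model { int id; };
struct master_model { struct smmu_model *smmu; int ste_valid; };
struct fwspec_model { void *iommu_priv; };

static int detach_calls; /* counts simulated arm_smmu_detach_dev() calls */

/* Assumed add path: reuse existing private data, otherwise allocate it.
 * A stale (freed) iommu_priv would be reused here, hence the clear below. */
int model_add_device(struct fwspec_model *fw, struct smmu_model *smmu)
{
    struct master_model *master = fw->iommu_priv;
    if (!master) {
        master = calloc(1, sizeof(*master));
        if (!master)
            return -1;
        fw->iommu_priv = master;
    }
    master->smmu = smmu;
    master->ste_valid = 1;
    return 0;
}

/* Remove path: returns the smmu id on success, -1 if nothing is attached. */
int model_remove_device(struct fwspec_model *fw)
{
    struct master_model *master = fw->iommu_priv;
    struct smmu_model *smmu;

    if (!master)              /* check before the first dereference */
        return -1;
    smmu = master->smmu;      /* safe: master is known to be non-NULL */
    if (master->ste_valid)
        detach_calls++;
    free(master);
    fw->iommu_priv = NULL;    /* leave no dangling pointer for a later add */
    return smmu ? smmu->id : 0;
}

int main(void)
{
    struct smmu_model smmu = { 1 };
    struct fwspec_model fw = { NULL };
    model_add_device(&fw, &smmu);   /* add, remove, add again, remove again */
    model_remove_device(&fw);
    model_add_device(&fw, &smmu);
    return model_remove_device(&fw) == 1 ? 0 : 1;
}
```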
