From: Jing Xiangfeng <jingxiangfeng@huawei.com>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <gregkh@linuxfoundation.org>, <christian.gromm@microchip.com>,
<masahiroy@kernel.org>, <tglx@linutronix.de>,
<keescook@chromium.org>, <devel@driverdev.osuosl.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] staging: most: don't access hdm_ch before checking it valid
Date: Tue, 29 Sep 2020 09:01:14 +0800
Message-ID: <5F72875A.8020900@huawei.com>
In-Reply-To: <20200928114857.GR4282@kadam>
On 2020/9/28 19:48, Dan Carpenter wrote:
> On Mon, Sep 28, 2020 at 06:48:38PM +0800, Jing Xiangfeng wrote:
>> In try_start_dim_transfer(), pointer hdm_ch is accessed before checking.
>> This may lead to a potential null pointer dereference. Fix this by
>> dereferencing hdm_ch after calling BUG_ON().
>>
>> Signed-off-by: Jing Xiangfeng <jingxiangfeng@huawei.com>
>> ---
>> drivers/staging/most/dim2/dim2.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/staging/most/dim2/dim2.c b/drivers/staging/most/dim2/dim2.c
>> index 509c8012d20b..ccd7cc7545e4 100644
>> --- a/drivers/staging/most/dim2/dim2.c
>> +++ b/drivers/staging/most/dim2/dim2.c
>> @@ -148,7 +148,7 @@ void dimcb_on_error(u8 error_id, const char *error_message)
>> static int try_start_dim_transfer(struct hdm_channel *hdm_ch)
>> {
>> u16 buf_size;
>> - struct list_head *head = &hdm_ch->pending_list;
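Review bot: The removed initializer `struct list_head *head = &hdm_ch->pending_list;` at the top of try_start_dim_transfer() only forms the address of a member and reads nothing through hdm_ch, so the commit message's "potential null pointer dereference" does not describe this line. If the reordering is kept, reword the message as a cleanup rather than a fix. Any validity check must test hdm_ch itself, because head derived from a NULL hdm_ch is NULL plus the member offset and will not necessarily compare equal to NULL.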
> This is not a dereference, it's just pointer math. In other words:
>
> struct list_head *head = hdm_ch + offsetof(struct hdm_channel, pending_list);
Thanks for correcting!
>
> So the commit message is wrong because this cannot lead to a NULL
> dereference. It's better to just delete the BUG_ON(). We don't really
> like BUG_ON(). Checkpatch will complain about them. An Oops gives
> basically the same information as a BUG_ON() without completely killing
> the kernel so just dereferencing a NULL is preferable. Finally, we can
> see from the callers that "hdm_ch" is never NULL.
>
> regards,
> dan carpenter
>
> .
>
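The address computation Dan Carpenter describes above, as an added example that is not part of the original thread or the dim2 driver. The struct layout, `demo_ch`, `member_addr`, `head_looks_valid` and `first_pending` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: the real struct hdm_channel layout is not on the page. */
struct list_head { struct list_head *next, *prev; };
struct hdm_channel {
	char name[16];
	int is_initialized;
	struct list_head pending_list;
};

/* Constructed sample object whose list head points at itself (empty list). */
static struct hdm_channel demo_ch = {
	.pending_list = { &demo_ch.pending_list, &demo_ch.pending_list },
};

/* What `&ch->pending_list` evaluates to: base plus a compile-time byte
 * offset. Integer arithmetic is used so that no memory is accessed. */
static uintptr_t member_addr(uintptr_t base)
{
	return base + offsetof(struct hdm_channel, pending_list);
}

/* A test on the derived pointer says nothing about the base: with a zero
 * base the result is just the member offset, which is nonzero here. */
static int head_looks_valid(uintptr_t base)
{
	return member_addr(base) != 0;
}

/* The first real load through the pointer; a NULL ch would fault here,
 * not at the address computation. */
static struct list_head *first_pending(const struct hdm_channel *ch)
{
	return ch->pending_list.next;
}

int main(void)
{
	printf("offset of pending_list: %zu\n", offsetof(struct hdm_channel, pending_list));
	printf("matches &demo_ch.pending_list: %d\n",
	       member_addr((uintptr_t)&demo_ch) == (uintptr_t)&demo_ch.pending_list);
	printf("head_looks_valid(0): %d\n", head_looks_valid(0));
	printf("list empty: %d\n", first_pending(&demo_ch) == &demo_ch.pending_list);
	return 0;
}
```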