From: Felipe Balbi
To: "Gustavo A. R. Silva", Greg Kroah-Hartman, Michal Nazarewicz
Cc: linux-geode@lists.infradead.org, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, Peter Senna Tschudin
Subject: Re: [usb-gadget-udc] question about null check after calling phys_to_virt() function
In-Reply-To: <20170502152440.Horde.MRwIGqwH6RD-MhJ68l8bMDc@gator4166.hostgator.com>
References: <20170502152440.Horde.MRwIGqwH6RD-MhJ68l8bMDc@gator4166.hostgator.com>
Date: Tue, 16 May 2017 11:10:51 +0300
Message-ID: <87r2zpw7as.fsf@linux.intel.com>

Hi,

"Gustavo A. R. Silva" writes:
> Hello everybody,
>
> While looking into Coverity ID 145958 I ran into the following piece
> of code at drivers/usb/gadget/udc/amd5536udc.c:852:
>
> } else if (i == buf_len) {
>         /* first td */
>         td = (struct udc_data_dma *)phys_to_virt(
>                                 req->td_data->next);
>         td->status = 0;
> } else {
>         td = (struct udc_data_dma *)phys_to_virt(last->next);
>         td->status = 0;
> }
>
> if (td)
>         td->bufptr = req->req.dma + i; /* assign buffer */
> else
>         break;
>
> The issue here is that _td_ pointer is being dereferenced before null check.
>
> After searching for calls to phys_to_virt() function, I've noticed
> that it is not common at all to test the returned address value.
>
> So either the null check at line 862 is not needed or a null check
> before each td->status = 0; needs to be added.

just remove the previous null check

--
balbi
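
A userspace model of the pattern discussed in this thread, added here as an illustration; it is not code from the driver or from either poster. It shows why a NULL test on a translated address is dead code: the translation is modelled as base-plus-offset arithmetic with no error value, so even a "physical" address of 0 yields a non-NULL pointer. The names td_model, arena, model_phys_to_virt and fill_chain, and the byte-count loop bounds, are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for struct udc_data_dma (field names from the post). */
struct td_model {
    uint32_t status;
    uint32_t bufptr;
    uint32_t next;                  /* "physical" address of the next td */
};

#define NTD 4
static struct td_model arena[NTD];  /* constructed: models directly mapped RAM */

/* Model of a linear-map translation: base + offset, with no error value. */
static struct td_model *model_phys_to_virt(uint32_t phys)
{
    return (struct td_model *)((unsigned char *)arena + phys);
}

/* "Physical" address 0 still translates to a usable, non-NULL pointer. */
int zero_translates_to_non_null(void)
{
    return model_phys_to_virt(0) != NULL;
}

/* Walk without the late "if (td)": the byte count, not the pointer, ends
 * the loop. Returns how many descriptors after the first were filled. */
unsigned fill_chain(uint32_t dma, uint32_t bytes, uint32_t buf_len)
{
    struct td_model *td = &arena[0];
    unsigned filled = 0;
    for (uint32_t k = 0; k < NTD; k++) {    /* td[k] -> td[k+1], last -> 0 */
        arena[k].bufptr = 0;
        arena[k].next = (k + 1 < NTD) ? (k + 1) * (uint32_t)sizeof(arena[0]) : 0;
    }
    for (uint32_t i = buf_len; buf_len && i < bytes; i += buf_len, filled++) {
        td = model_phys_to_virt(td->next);
        td->status = 0;
        td->bufptr = dma + i;               /* assign buffer */
    }
    return filled;
}

uint32_t td_bufptr(unsigned k) { return arena[k].bufptr; }

int main(void)
{
    return !(zero_translates_to_non_null() && fill_chain(0x1000, 256, 64) == 3);
}
```

In this model, calling fill_chain(0x1000, 320, 64) follows next = 0 back to the first descriptor and overwrites its bufptr instead of stopping, so a pointer test could never have acted as the chain terminator.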