From: Dan Carpenter <error27@gmail.com>
To: Alexander Usyskin <alexander.usyskin@intel.com>
Cc: kernel-janitors@vger.kernel.org
Subject: [bug report] mei: fix error flow in probe
Date: Wed, 10 Jun 2026 18:22:30 +0300 [thread overview]
Message-ID: <aimBNn8rdCamCkrk@stanley.mountain> (raw)
Hello Alexander Usyskin,
Commit 1ebc180d2b90 ("mei: fix error flow in probe") from Nov 2, 2025
(linux-next), leads to the following Smatch static checker warning:
drivers/misc/mei/platform-vsc.c:384 mei_vsc_probe()
error: potential zalloc NULL dereference: 'mei_dev->cdev'
drivers/misc/mei/platform-vsc.c
334 static int mei_vsc_probe(struct platform_device *pdev)
335 {
336 struct device *dev = &pdev->dev;
337 struct mei_device *mei_dev;
338 struct mei_vsc_hw *hw;
339 struct vsc_tp *tp;
340 int ret;
341
342 tp = *(struct vsc_tp **)dev_get_platdata(dev);
343 if (!tp)
344 return dev_err_probe(dev, -ENODEV, "no platform data\n");
345
346 mei_dev = kzalloc(size_add(sizeof(*mei_dev), sizeof(*hw)), GFP_KERNEL);
347 if (!mei_dev)
348 return -ENOMEM;
349
350 mei_device_init(mei_dev, dev, false, &mei_vsc_hw_ops);
351
352 mei_dev->fw_f_fw_ver_supported = 0;
353 mei_dev->kind = MEI_DEV_KIND_IVSC;
354
355 hw = mei_dev_to_vsc_hw(mei_dev);
356 atomic_set(&hw->write_lock_cnt, 0);
357 hw->tp = tp;
358
359 platform_set_drvdata(pdev, mei_dev);
360
361 vsc_tp_register_event_cb(tp, mei_vsc_event_cb, mei_dev);
362
363 ret = mei_register(mei_dev, dev);
If mei_register() fails to allocate mei_dev->cdev
364 if (ret)
365 goto err;
366
367 ret = mei_start(mei_dev);
368 if (ret) {
369 dev_err_probe(dev, ret, "init hw failed\n");
370 goto err;
371 }
372
373 pm_runtime_enable(mei_dev->parent);
374
375 return 0;
376
377 err:
378 mei_cancel_work(mei_dev);
379
380 vsc_tp_register_event_cb(tp, NULL, NULL);
381
382 mei_disable_interrupts(mei_dev);
383
--> 384 mei_deregister(mei_dev);
Then it leads to a crash here.
385
386 return ret;
387 }
This email is a free service from the Smatch-CI project [smatch.sf.net].
regards,
dan carpenter
reply other threads:[~2026-06-10 15:22 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aimBNn8rdCamCkrk@stanley.mountain \
--to=error27@gmail.com \
--cc=alexander.usyskin@intel.com \
--cc=kernel-janitors@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.