* [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe()
@ 2018-07-11 12:34 Wei Yongjun
2018-07-11 16:48 ` Ray Jui
2018-07-13 7:46 ` Linus Walleij
0 siblings, 2 replies; 10+ messages in thread
From: Wei Yongjun @ 2018-07-11 12:34 UTC (permalink / raw)
To: linux-arm-kernel
platform_get_resource() may fail and return NULL, so we should
better check it's return value to avoid a NULL pointer dereference
a bit later in the code.
This is detected by Coccinelle semantic patch.
@@
expression pdev, res, n, t, e, e1, e2;
@@
res = platform_get_resource(pdev, t, n);
+ if (!res)
+ return -EINVAL;
... when != res == NULL
e = devm_ioremap_nocache(e1, res->start, e2);
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
---
drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c
index 5cd8166..87618a4 100644
--- a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c
+++ b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c
@@ -577,6 +577,8 @@ static int nsp_pinmux_probe(struct platform_device *pdev)
return PTR_ERR(pinctrl->base0);
res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
+ if (!res)
+ return -EINVAL;
pinctrl->base1 = devm_ioremap_nocache(&pdev->dev, res->start,
resource_size(res));
if (!pinctrl->base1) {
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe()
2018-07-11 12:34 [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe() Wei Yongjun
@ 2018-07-11 16:48 ` Ray Jui
2018-07-11 16:56 ` Ray Jui
2018-07-11 17:01 ` Sudeep Holla
2018-07-13 7:46 ` Linus Walleij
1 sibling, 2 replies; 10+ messages in thread
From: Ray Jui @ 2018-07-11 16:48 UTC (permalink / raw)
To: linux-arm-kernel
On 7/11/2018 5:34 AM, Wei Yongjun wrote:
> platform_get_resource() may fail and return NULL, so we should
> better check it's return value to avoid a NULL pointer dereference
> a bit later in the code.
>
> This is detected by Coccinelle semantic patch.
>
> @@
> expression pdev, res, n, t, e, e1, e2;
> @@
>
> res = platform_get_resource(pdev, t, n);
> + if (!res)
> + return -EINVAL;
> ... when != res == NULL
> e = devm_ioremap_nocache(e1, res->start, e2);
>
> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
> ---
Reviewed-by: Ray Jui <ray.jui@broadcom.com>
Change looks good to me, although the check could have been avoided if
'devm_ioremap_resource' is used on the next line instead of
'devm_ioremap_nocache', where validation of resource pointer is done.
But there's probably a reason why 'devm_ioremap_nocache' was used in
this code here.
> drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c
> index 5cd8166..87618a4 100644
> --- a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c
> +++ b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c
> @@ -577,6 +577,8 @@ static int nsp_pinmux_probe(struct platform_device *pdev)
> return PTR_ERR(pinctrl->base0);
>
> res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
> + if (!res)
> + return -EINVAL;
> pinctrl->base1 = devm_ioremap_nocache(&pdev->dev, res->start,
> resource_size(res));
> if (!pinctrl->base1) {
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe()
2018-07-11 16:48 ` Ray Jui
@ 2018-07-11 16:56 ` Ray Jui
2018-07-11 17:01 ` Sudeep Holla
1 sibling, 0 replies; 10+ messages in thread
From: Ray Jui @ 2018-07-11 16:56 UTC (permalink / raw)
To: linux-arm-kernel
On 7/11/2018 9:48 AM, Ray Jui wrote:
>
>
> On 7/11/2018 5:34 AM, Wei Yongjun wrote:
>> platform_get_resource() may fail and return NULL, so we should
>> better check it's return value to avoid a NULL pointer dereference
>> a bit later in the code.
>>
>> This is detected by Coccinelle semantic patch.
>>
>> @@
>> expression pdev, res, n, t, e, e1, e2;
>> @@
>>
>> res = platform_get_resource(pdev, t, n);
>> + if (!res)
>> +?? return -EINVAL;
>> ... when != res == NULL
>> e = devm_ioremap_nocache(e1, res->start, e2);
I forgot to mention this in my previous reply. Given that this is a fix
for a potential NULL pointer dereference and then a kernel crash in the
case when 'platform_get_resource' returns NULL, can you please add the
Fixes tag so this fix is picked by all LTS kernels under maintenance?
Thanks,
Ray
>>
>> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
>> ---
>
> Reviewed-by: Ray Jui <ray.jui@broadcom.com>
>
> Change looks good to me, although the check could have been avoided if
> 'devm_ioremap_resource' is used on the next line instead of
> 'devm_ioremap_nocache', where validation of resource pointer is done.
>
> But there's probably a reason why 'devm_ioremap_nocache' was used in
> this code here.
>
>> ? drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 2 ++
>> ? 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c
>> b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c
>> index 5cd8166..87618a4 100644
>> --- a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c
>> +++ b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c
>> @@ -577,6 +577,8 @@ static int nsp_pinmux_probe(struct platform_device
>> *pdev)
>> ????????? return PTR_ERR(pinctrl->base0);
>> ????? res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
>> +??? if (!res)
>> +??????? return -EINVAL;
>> ????? pinctrl->base1 = devm_ioremap_nocache(&pdev->dev, res->start,
>> ??????????????????????????? resource_size(res));
>> ????? if (!pinctrl->base1) {
>>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe()
2018-07-11 16:48 ` Ray Jui
2018-07-11 16:56 ` Ray Jui
@ 2018-07-11 17:01 ` Sudeep Holla
2018-07-11 17:11 ` Ray Jui
1 sibling, 1 reply; 10+ messages in thread
From: Sudeep Holla @ 2018-07-11 17:01 UTC (permalink / raw)
To: linux-arm-kernel
On 11/07/18 17:48, Ray Jui wrote:
>
>
> On 7/11/2018 5:34 AM, Wei Yongjun wrote:
>> platform_get_resource() may fail and return NULL, so we should
>> better check it's return value to avoid a NULL pointer dereference
>> a bit later in the code.
>>
>> This is detected by Coccinelle semantic patch.
>>
>> @@
>> expression pdev, res, n, t, e, e1, e2;
>> @@
>>
>> res = platform_get_resource(pdev, t, n);
>> + if (!res)
>> +?? return -EINVAL;
>> ... when != res == NULL
>> e = devm_ioremap_nocache(e1, res->start, e2);
>>
>> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
>> ---
>
> Reviewed-by: Ray Jui <ray.jui@broadcom.com>
>
> Change looks good to me, although the check could have been avoided if
> 'devm_ioremap_resource' is used on the next line instead of
> 'devm_ioremap_nocache', where validation of resource pointer is done.
>
> But there's probably a reason why 'devm_ioremap_nocache' was used in
> this code here.
>
I am not sure about that. Both ARM and ARM64 has same definition as
ioremp. However, arch/arm/include/asm/io.h do mention:
"ioremap_nocache() is the same as ioremap() as there are too many device
drivers using this for device registers, and documentation which tells
people to use it for such for this to be any different."
You could technically use devm_ioremap_resource if you want.
--
Regards,
Sudeep
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe()
2018-07-11 17:01 ` Sudeep Holla
@ 2018-07-11 17:11 ` Ray Jui
2018-07-11 17:14 ` Sudeep Holla
0 siblings, 1 reply; 10+ messages in thread
From: Ray Jui @ 2018-07-11 17:11 UTC (permalink / raw)
To: linux-arm-kernel
On 7/11/2018 10:01 AM, Sudeep Holla wrote:
>
>
> On 11/07/18 17:48, Ray Jui wrote:
>>
>>
>> On 7/11/2018 5:34 AM, Wei Yongjun wrote:
>>> platform_get_resource() may fail and return NULL, so we should
>>> better check it's return value to avoid a NULL pointer dereference
>>> a bit later in the code.
>>>
>>> This is detected by Coccinelle semantic patch.
>>>
>>> @@
>>> expression pdev, res, n, t, e, e1, e2;
>>> @@
>>>
>>> res = platform_get_resource(pdev, t, n);
>>> + if (!res)
>>> +?? return -EINVAL;
>>> ... when != res == NULL
>>> e = devm_ioremap_nocache(e1, res->start, e2);
>>>
>>> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
>>> ---
>>
>> Reviewed-by: Ray Jui <ray.jui@broadcom.com>
>>
>> Change looks good to me, although the check could have been avoided if
>> 'devm_ioremap_resource' is used on the next line instead of
>> 'devm_ioremap_nocache', where validation of resource pointer is done.
>>
>> But there's probably a reason why 'devm_ioremap_nocache' was used in
>> this code here.
>>
>
> I am not sure about that. Both ARM and ARM64 has same definition as
> ioremp. However, arch/arm/include/asm/io.h do mention:
> "ioremap_nocache() is the same as ioremap() as there are too many device
>
> drivers using this for device registers, and documentation which tells
>
> people to use it for such for this to be any different."
>
> You could technically use devm_ioremap_resource if you want.
>
I did not mean the difference on _nocache, which I'm aware it's the same
on ARM/ARM64 based platforms.
I meant there's a reason why xxx_resource was not used, which is most
likely due to some resource conflict with another driver on NSP.
Ray
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe()
2018-07-11 17:11 ` Ray Jui
@ 2018-07-11 17:14 ` Sudeep Holla
2018-07-11 17:18 ` Ray Jui
0 siblings, 1 reply; 10+ messages in thread
From: Sudeep Holla @ 2018-07-11 17:14 UTC (permalink / raw)
To: linux-arm-kernel
On 11/07/18 18:11, Ray Jui wrote:
>
>
[...]
>
> I meant there's a reason why xxx_resource was not used, which is most
> likely due to some resource conflict with another driver on NSP.
>
Ah OK, sorry for the noise then.
--
Regards,
Sudeep
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe()
2018-07-11 17:14 ` Sudeep Holla
@ 2018-07-11 17:18 ` Ray Jui
0 siblings, 0 replies; 10+ messages in thread
From: Ray Jui @ 2018-07-11 17:18 UTC (permalink / raw)
To: linux-arm-kernel
On 7/11/2018 10:14 AM, Sudeep Holla wrote:
>
>
> On 11/07/18 18:11, Ray Jui wrote:
>>
>>
>
> [...]
>
>>
>> I meant there's a reason why xxx_resource was not used, which is most
>> likely due to some resource conflict with another driver on NSP.
>>
>
> Ah OK, sorry for the noise then.
>
Not a noise at all. Helpful discussion.
Thanks!
Ray
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe()
2018-07-11 12:34 [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe() Wei Yongjun
2018-07-11 16:48 ` Ray Jui
@ 2018-07-13 7:46 ` Linus Walleij
2018-07-13 16:53 ` Ray Jui
1 sibling, 1 reply; 10+ messages in thread
From: Linus Walleij @ 2018-07-13 7:46 UTC (permalink / raw)
To: linux-arm-kernel
On Wed, Jul 11, 2018 at 2:25 PM Wei Yongjun <weiyongjun1@huawei.com> wrote:
> platform_get_resource() may fail and return NULL, so we should
> better check it's return value to avoid a NULL pointer dereference
> a bit later in the code.
>
> This is detected by Coccinelle semantic patch.
>
> @@
> expression pdev, res, n, t, e, e1, e2;
> @@
>
> res = platform_get_resource(pdev, t, n);
> + if (!res)
> + return -EINVAL;
> ... when != res == NULL
> e = devm_ioremap_nocache(e1, res->start, e2);
>
> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Patch applied with Ray's ACK.
Yours,
Linus Walleij
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe()
2018-07-13 7:46 ` Linus Walleij
@ 2018-07-13 16:53 ` Ray Jui
2018-07-14 10:49 ` Linus Walleij
0 siblings, 1 reply; 10+ messages in thread
From: Ray Jui @ 2018-07-13 16:53 UTC (permalink / raw)
To: linux-arm-kernel
Hi Linus,
On 7/13/2018 12:46 AM, Linus Walleij wrote:
> On Wed, Jul 11, 2018 at 2:25 PM Wei Yongjun <weiyongjun1@huawei.com> wrote:
>
>> platform_get_resource() may fail and return NULL, so we should
>> better check it's return value to avoid a NULL pointer dereference
>> a bit later in the code.
>>
>> This is detected by Coccinelle semantic patch.
>>
>> @@
>> expression pdev, res, n, t, e, e1, e2;
>> @@
>>
>> res = platform_get_resource(pdev, t, n);
>> + if (!res)
>> + return -EINVAL;
>> ... when != res == NULL
>> e = devm_ioremap_nocache(e1, res->start, e2);
>>
>> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
>
> Patch applied with Ray's ACK.
Would be nice to add the following Fixes tag:
Fixes: cc4fa83f66e9 ("pinctrl: nsp: add pinmux driver support for
Broadcom NSP SoC")
Thanks,
Ray
>
> Yours,
> Linus Walleij
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe()
2018-07-13 16:53 ` Ray Jui
@ 2018-07-14 10:49 ` Linus Walleij
0 siblings, 0 replies; 10+ messages in thread
From: Linus Walleij @ 2018-07-14 10:49 UTC (permalink / raw)
To: linux-arm-kernel
On Fri, Jul 13, 2018 at 6:53 PM Ray Jui <ray.jui@broadcom.com> wrote:
> > Patch applied with Ray's ACK.
>
> Would be nice to add the following Fixes tag:
>
> Fixes: cc4fa83f66e9 ("pinctrl: nsp: add pinmux driver support for
> Broadcom NSP SoC")
OK fixed it!
Yours,
Linus Walleij
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2018-07-14 10:49 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-07-11 12:34 [PATCH -next] pinctrl: nsp: fix potential NULL dereference in nsp_pinmux_probe() Wei Yongjun
2018-07-11 16:48 ` Ray Jui
2018-07-11 16:56 ` Ray Jui
2018-07-11 17:01 ` Sudeep Holla
2018-07-11 17:11 ` Ray Jui
2018-07-11 17:14 ` Sudeep Holla
2018-07-11 17:18 ` Ray Jui
2018-07-13 7:46 ` Linus Walleij
2018-07-13 16:53 ` Ray Jui
2018-07-14 10:49 ` Linus Walleij
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).