* [PATCH] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
@ 2025-04-13 21:25 Chenyuan Yang
2025-04-14 6:57 ` Johan Hovold
2025-04-14 7:30 ` Krzysztof Kozlowski
0 siblings, 2 replies; 7+ messages in thread
From: Chenyuan Yang @ 2025-04-13 21:25 UTC (permalink / raw)
To: vkoul, kishon, lumag, quic_kriskura, manivannan.sadhasivam,
konrad.dybcio, quic_varada, quic_kbajaj, johan+linaro
Cc: linux-arm-msm, linux-phy, linux-kernel, Chenyuan Yang
In qmp_usb_iomap(), one branch returns the result of devm_ioremap(), which
can be NULL. Since IS_ERR() does not catch a NULL pointer,
add an explicit NULL check in qmp_usb_parse_dt_legacy() to prevent
potential dereference issues.
Signed-off-by: Chenyuan Yang <chenyuan0y@gmail.com>
Fixes: 2a55ec4f0a04 ("phy: qcom-qmp-usb: merge driver data")
---
drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c
index 787721570457..8dab20b0c11c 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c
@@ -2152,6 +2152,8 @@ static int qmp_usb_parse_dt_legacy(struct qmp_usb *qmp, struct device_node *np)
return PTR_ERR(qmp->rx);
qmp->pcs = qmp_usb_iomap(dev, np, 2, exclusive);
+ if (!qmp->pcs)
+ return -ENOMEM;
if (IS_ERR(qmp->pcs))
return PTR_ERR(qmp->pcs);
--
2.34.1
--
linux-phy mailing list
linux-phy@lists.infradead.org
https://lists.infradead.org/mailman/listinfo/linux-phy
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
2025-04-13 21:25 [PATCH] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Chenyuan Yang
@ 2025-04-14 6:57 ` Johan Hovold
2025-04-14 7:30 ` Krzysztof Kozlowski
1 sibling, 0 replies; 7+ messages in thread
From: Johan Hovold @ 2025-04-14 6:57 UTC (permalink / raw)
To: Chenyuan Yang
Cc: vkoul, kishon, lumag, quic_kriskura, manivannan.sadhasivam,
konrad.dybcio, quic_varada, quic_kbajaj, johan+linaro,
linux-arm-msm, linux-phy, linux-kernel
On Sun, Apr 13, 2025 at 04:25:18PM -0500, Chenyuan Yang wrote:
> In qmp_usb_iomap(), one branch returns the result of devm_ioremap(), which
> can be NULL. Since IS_ERR() does not catch a NULL pointer,
> add an explicit NULL check in qmp_usb_parse_dt_legacy() to prevent
> potential dereference issues.
Good catch, but please move the handling of this into the
qmp_usb_iomap() helper so that it returns an error pointer also if
devm_ioremap() fails.
> Signed-off-by: Chenyuan Yang <chenyuan0y@gmail.com>
> Fixes: 2a55ec4f0a04 ("phy: qcom-qmp-usb: merge driver data")
This is not the commit that introduced the issue; this should be:
Fixes: a5d6b1ac56cb ("phy: qcom-qmp-usb: fix memleak on probe deferral")
> qmp->pcs = qmp_usb_iomap(dev, np, 2, exclusive);
> + if (!qmp->pcs)
> + return -ENOMEM;
> if (IS_ERR(qmp->pcs))
> return PTR_ERR(qmp->pcs);
Johan
--
linux-phy mailing list
linux-phy@lists.infradead.org
https://lists.infradead.org/mailman/listinfo/linux-phy
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [PATCH] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
2025-04-13 21:25 [PATCH] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Chenyuan Yang
2025-04-14 6:57 ` Johan Hovold
@ 2025-04-14 7:30 ` Krzysztof Kozlowski
2025-04-14 7:40 ` Johan Hovold
1 sibling, 1 reply; 7+ messages in thread
From: Krzysztof Kozlowski @ 2025-04-14 7:30 UTC (permalink / raw)
To: Chenyuan Yang, vkoul, kishon, lumag, quic_kriskura,
manivannan.sadhasivam, konrad.dybcio, quic_varada, quic_kbajaj,
johan+linaro
Cc: linux-arm-msm, linux-phy, linux-kernel
On 13/04/2025 23:25, Chenyuan Yang wrote:
> In qmp_usb_iomap(), one branch returns the result of devm_ioremap(), which
> can be NULL. Since IS_ERR() does not catch a NULL pointer,
No, that's not true. NAK.
Best regards,
Krzysztof
--
linux-phy mailing list
linux-phy@lists.infradead.org
https://lists.infradead.org/mailman/listinfo/linux-phy
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
2025-04-14 7:30 ` Krzysztof Kozlowski
@ 2025-04-14 7:40 ` Johan Hovold
2025-04-14 8:08 ` Krzysztof Kozlowski
0 siblings, 1 reply; 7+ messages in thread
From: Johan Hovold @ 2025-04-14 7:40 UTC (permalink / raw)
To: Krzysztof Kozlowski
Cc: Chenyuan Yang, vkoul, kishon, lumag, quic_kriskura,
manivannan.sadhasivam, konrad.dybcio, quic_varada, quic_kbajaj,
johan+linaro, linux-arm-msm, linux-phy, linux-kernel
On Mon, Apr 14, 2025 at 09:30:19AM +0200, Krzysztof Kozlowski wrote:
> On 13/04/2025 23:25, Chenyuan Yang wrote:
> > In qmp_usb_iomap(), one branch returns the result of devm_ioremap(), which
> > can be NULL. Since IS_ERR() does not catch a NULL pointer,
>
> No, that's not true. NAK.
I'm afraid you're mistaken here. See __devm_ioremap() which can return
NULL.
Johan
--
linux-phy mailing list
linux-phy@lists.infradead.org
https://lists.infradead.org/mailman/listinfo/linux-phy
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
2025-04-14 7:40 ` Johan Hovold
@ 2025-04-14 8:08 ` Krzysztof Kozlowski
2025-04-14 8:13 ` Johan Hovold
0 siblings, 1 reply; 7+ messages in thread
From: Krzysztof Kozlowski @ 2025-04-14 8:08 UTC (permalink / raw)
To: Johan Hovold
Cc: Chenyuan Yang, vkoul, kishon, lumag, quic_kriskura,
manivannan.sadhasivam, konrad.dybcio, quic_varada, quic_kbajaj,
johan+linaro, linux-arm-msm, linux-phy, linux-kernel
On 14/04/2025 09:40, Johan Hovold wrote:
> On Mon, Apr 14, 2025 at 09:30:19AM +0200, Krzysztof Kozlowski wrote:
>> On 13/04/2025 23:25, Chenyuan Yang wrote:
>>> In qmp_usb_iomap(), one branch returns the result of devm_ioremap(), which
>>> can be NULL. Since IS_ERR() does not catch a NULL pointer,
>>
>> No, that's not true. NAK.
>
> I'm afraid you're mistaken here. See __devm_ioremap() which can return
> NULL.
>
Uh, you are right, I only checked devm_of_iomap in qmp_usb_iomap().
Anyway, the fix should be different - given function should either
return ERR or NULL, not both, so devm_ioremap return value needs to be
wrapped in ERR_PTR.
Best regards,
Krzysztof
--
linux-phy mailing list
linux-phy@lists.infradead.org
https://lists.infradead.org/mailman/listinfo/linux-phy
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
2025-04-14 8:08 ` Krzysztof Kozlowski
@ 2025-04-14 8:13 ` Johan Hovold
2025-04-14 12:52 ` Chenyuan Yang
0 siblings, 1 reply; 7+ messages in thread
From: Johan Hovold @ 2025-04-14 8:13 UTC (permalink / raw)
To: Krzysztof Kozlowski
Cc: Chenyuan Yang, vkoul, kishon, lumag, quic_kriskura,
manivannan.sadhasivam, konrad.dybcio, quic_varada, quic_kbajaj,
johan+linaro, linux-arm-msm, linux-phy, linux-kernel
On Mon, Apr 14, 2025 at 10:08:18AM +0200, Krzysztof Kozlowski wrote:
> On 14/04/2025 09:40, Johan Hovold wrote:
> > I'm afraid you're mistaken here. See __devm_ioremap() which can return
> > NULL.
> >
> Uh, you are right, I only checked devm_of_iomap in qmp_usb_iomap().
> Anyway, the fix should be different - given function should either
> return ERR or NULL, not both, so devm_ioremap return value needs to be
> wrapped in ERR_PTR.
Right, I already suggested that:
https://lore.kernel.org/lkml/Z_yxxoa12N9rNn2z@hovoldconsulting.com/
Johan
--
linux-phy mailing list
linux-phy@lists.infradead.org
https://lists.infradead.org/mailman/listinfo/linux-phy
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
2025-04-14 8:13 ` Johan Hovold
@ 2025-04-14 12:52 ` Chenyuan Yang
0 siblings, 0 replies; 7+ messages in thread
From: Chenyuan Yang @ 2025-04-14 12:52 UTC (permalink / raw)
To: Johan Hovold
Cc: Krzysztof Kozlowski, vkoul, kishon, lumag, quic_kriskura,
manivannan.sadhasivam, konrad.dybcio, quic_varada, quic_kbajaj,
johan+linaro, linux-arm-msm, linux-phy, linux-kernel
Hi Johan and Krzysztof,
On Mon, Apr 14, 2025 at 3:13 AM Johan Hovold <johan@kernel.org> wrote:
>
> On Mon, Apr 14, 2025 at 10:08:18AM +0200, Krzysztof Kozlowski wrote:
> > On 14/04/2025 09:40, Johan Hovold wrote:
>
> > > I'm afraid you're mistaken here. See __devm_ioremap() which can return
> > > NULL.
> > >
> > Uh, you are right, I only checked devm_of_iomap in qmp_usb_iomap().
> > Anyway, the fix should be different - given function should either
> > return ERR or NULL, not both, so devm_ioremap return value needs to be
> > wrapped in ERR_PTR.
>
> Right, I already suggested that:
>
> https://lore.kernel.org/lkml/Z_yxxoa12N9rNn2z@hovoldconsulting.com/
>
> Johan
I have submitted "[PATCH v2] phy: qcom-qmp-usb: Fix an NULL vs
IS_ERR() bug", which fixes this issue based on your suggestions
-Chenyuan
--
linux-phy mailing list
linux-phy@lists.infradead.org
https://lists.infradead.org/mailman/listinfo/linux-phy
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2025-04-14 12:58 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-13 21:25 [PATCH] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Chenyuan Yang
2025-04-14 6:57 ` Johan Hovold
2025-04-14 7:30 ` Krzysztof Kozlowski
2025-04-14 7:40 ` Johan Hovold
2025-04-14 8:08 ` Krzysztof Kozlowski
2025-04-14 8:13 ` Johan Hovold
2025-04-14 12:52 ` Chenyuan Yang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox