[PATCH v2 0/1] pwm: sun4i: fix a possible NULL dereference

linux-pwm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v2 0/1] pwm: sun4i: fix a possible NULL dereference
@ 2016-08-16 13:18 LABBE Corentin
  2016-08-16 13:18 ` [PATCH v2 1/1] " LABBE Corentin
  0 siblings, 1 reply; 4+ messages in thread
From: LABBE Corentin @ 2016-08-16 13:18 UTC (permalink / raw)
  To: maxime.ripard, thierry.reding, wens
  Cc: linux-kernel, linux-pwm, LABBE Corentin

Hello

Change since v1:
- Use of_device_get_match_data()

LABBE Corentin (1):
  pwm: sun4i: fix a possible NULL dereference

 drivers/pwm/pwm-sun4i.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

-- 
2.7.3

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH v2 1/1] pwm: sun4i: fix a possible NULL dereference
  2016-08-16 13:18 [PATCH v2 0/1] pwm: sun4i: fix a possible NULL dereference LABBE Corentin
@ 2016-08-16 13:18 ` LABBE Corentin
  2016-08-22  6:57   ` Maxime Ripard
  0 siblings, 1 reply; 4+ messages in thread
From: LABBE Corentin @ 2016-08-16 13:18 UTC (permalink / raw)
  To: maxime.ripard, thierry.reding, wens
  Cc: linux-kernel, linux-pwm, LABBE Corentin

of_match_device could return NULL, and so cause a NULL pointer
dereference later.

For fixing this problem, we use of_device_get_match_data(), this will
simplify the code a little by using a standard function for
getting the match data.

Reported-by: coverity (CID 1324139)
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/pwm/pwm-sun4i.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/drivers/pwm/pwm-sun4i.c b/drivers/pwm/pwm-sun4i.c
index 03a99a5..72f0060 100644
--- a/drivers/pwm/pwm-sun4i.c
+++ b/drivers/pwm/pwm-sun4i.c
@@ -309,9 +309,6 @@ static int sun4i_pwm_probe(struct platform_device *pdev)
 	struct resource *res;
 	u32 val;
 	int i, ret;
-	const struct of_device_id *match;
-
-	match = of_match_device(sun4i_pwm_dt_ids, &pdev->dev);
 
 	pwm = devm_kzalloc(&pdev->dev, sizeof(*pwm), GFP_KERNEL);
 	if (!pwm)
@@ -326,7 +323,7 @@ static int sun4i_pwm_probe(struct platform_device *pdev)
 	if (IS_ERR(pwm->clk))
 		return PTR_ERR(pwm->clk);
 
-	pwm->data = match->data;
+	pwm->data = of_device_get_match_data(&pdev->dev);
 	pwm->chip.dev = &pdev->dev;
 	pwm->chip.ops = &sun4i_pwm_ops;
 	pwm->chip.base = -1;
-- 
2.7.3

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH v2 1/1] pwm: sun4i: fix a possible NULL dereference
  2016-08-16 13:18 ` [PATCH v2 1/1] " LABBE Corentin
@ 2016-08-22  6:57   ` Maxime Ripard
  2016-08-24 11:42     ` LABBE Corentin
  0 siblings, 1 reply; 4+ messages in thread
From: Maxime Ripard @ 2016-08-22  6:57 UTC (permalink / raw)
  To: LABBE Corentin; +Cc: thierry.reding, wens, linux-kernel, linux-pwm

[-- Attachment #1: Type: text/plain, Size: 1585 bytes --]

Hi,

On Tue, Aug 16, 2016 at 03:18:06PM +0200, LABBE Corentin wrote:
> of_match_device could return NULL, and so cause a NULL pointer
> dereference later.
> 
> For fixing this problem, we use of_device_get_match_data(), this will
> simplify the code a little by using a standard function for
> getting the match data.
> 
> Reported-by: coverity (CID 1324139)
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
> ---
>  drivers/pwm/pwm-sun4i.c | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
> 
> diff --git a/drivers/pwm/pwm-sun4i.c b/drivers/pwm/pwm-sun4i.c
> index 03a99a5..72f0060 100644
> --- a/drivers/pwm/pwm-sun4i.c
> +++ b/drivers/pwm/pwm-sun4i.c
> @@ -309,9 +309,6 @@ static int sun4i_pwm_probe(struct platform_device *pdev)
>  	struct resource *res;
>  	u32 val;
>  	int i, ret;
> -	const struct of_device_id *match;
> -
> -	match = of_match_device(sun4i_pwm_dt_ids, &pdev->dev);
>  
>  	pwm = devm_kzalloc(&pdev->dev, sizeof(*pwm), GFP_KERNEL);
>  	if (!pwm)
> @@ -326,7 +323,7 @@ static int sun4i_pwm_probe(struct platform_device *pdev)
>  	if (IS_ERR(pwm->clk))
>  		return PTR_ERR(pwm->clk);
>  
> -	pwm->data = match->data;
> +	pwm->data = of_device_get_match_data(&pdev->dev);

How does that fix anything?

If of_match_data fails, it will return NULL, and the NULL pointer
dereference will occur in the exact same cases.

You should just check for match to be NULL, and return in this case.

Maxime

-- 
Maxime Ripard, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2 1/1] pwm: sun4i: fix a possible NULL dereference
  2016-08-22  6:57   ` Maxime Ripard
@ 2016-08-24 11:42     ` LABBE Corentin
  0 siblings, 0 replies; 4+ messages in thread
From: LABBE Corentin @ 2016-08-24 11:42 UTC (permalink / raw)
  To: Maxime Ripard; +Cc: thierry.reding, wens, linux-kernel, linux-pwm

On Mon, Aug 22, 2016 at 08:57:37AM +0200, Maxime Ripard wrote:
> Hi,
> 
> On Tue, Aug 16, 2016 at 03:18:06PM +0200, LABBE Corentin wrote:
> > of_match_device could return NULL, and so cause a NULL pointer
> > dereference later.
> > 
> > For fixing this problem, we use of_device_get_match_data(), this will
> > simplify the code a little by using a standard function for
> > getting the match data.
> > 
> > Reported-by: coverity (CID 1324139)
> > Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
> > ---
> >  drivers/pwm/pwm-sun4i.c | 5 +----
> >  1 file changed, 1 insertion(+), 4 deletions(-)
> > 
> > diff --git a/drivers/pwm/pwm-sun4i.c b/drivers/pwm/pwm-sun4i.c
> > index 03a99a5..72f0060 100644
> > --- a/drivers/pwm/pwm-sun4i.c
> > +++ b/drivers/pwm/pwm-sun4i.c
> > @@ -309,9 +309,6 @@ static int sun4i_pwm_probe(struct platform_device *pdev)
> >  	struct resource *res;
> >  	u32 val;
> >  	int i, ret;
> > -	const struct of_device_id *match;
> > -
> > -	match = of_match_device(sun4i_pwm_dt_ids, &pdev->dev);
> >  
> >  	pwm = devm_kzalloc(&pdev->dev, sizeof(*pwm), GFP_KERNEL);
> >  	if (!pwm)
> > @@ -326,7 +323,7 @@ static int sun4i_pwm_probe(struct platform_device *pdev)
> >  	if (IS_ERR(pwm->clk))
> >  		return PTR_ERR(pwm->clk);
> >  
> > -	pwm->data = match->data;
> > +	pwm->data = of_device_get_match_data(&pdev->dev);
> 
> How does that fix anything?
> 
> If of_match_data fails, it will return NULL, and the NULL pointer
> dereference will occur in the exact same cases.
> 
> You should just check for match to be NULL, and return in this case.
> 
> Maxime
> 

I apologize for havent seen this subsuquent NULL deref.

I send an updated version soon.

Regards

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-08-24 11:42 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-16 13:18 [PATCH v2 0/1] pwm: sun4i: fix a possible NULL dereference LABBE Corentin
2016-08-16 13:18 ` [PATCH v2 1/1] " LABBE Corentin
2016-08-22  6:57   ` Maxime Ripard
2016-08-24 11:42     ` LABBE Corentin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).