From: David Lechner <dlechner@baylibre.com>
To: Andres Urian Florez <andres.emb.sys@gmail.com>, broonie@kernel.org
Cc: skhan@linuxfoundation.org, linux-spi@vger.kernel.org
Subject: Re: [PATCH] spi: offload: check ops and match pointers before use
Date: Fri, 18 Apr 2025 09:20:12 -0500 [thread overview]
Message-ID: <6d6b5ea4-0f08-4618-9fe2-d681cd2f51ea@baylibre.com> (raw)
In-Reply-To: <20250417232319.384094-1-andres.emb.sys@gmail.com>
On 4/17/25 6:23 PM, Andres Urian Florez wrote:
> Before checking if one of the triggers matches, check if 'ops' and 'match'
> exist
Can you please explain in more detail why this change is needed? For example,
show the code path where we could actually have null pointer de-reference here
that would be fixed by this change.
>
> Signed-off-by: Andres Urian Florez <andres.emb.sys@gmail.com>
> ---
> drivers/spi/spi-offload.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/spi/spi-offload.c b/drivers/spi/spi-offload.c
> index 6bad042fe437..fcb226887488 100644
> --- a/drivers/spi/spi-offload.c
> +++ b/drivers/spi/spi-offload.c
> @@ -173,7 +173,9 @@ static struct spi_offload_trigger
> if (trigger->fwnode != args->fwnode)
> continue;
>
> - match = trigger->ops->match(trigger, type, args->args, args->nargs);
> + if (trigger->ops && trigger->ops->match)
The check for trigger->ops != NULL here should not be necessary. The only place
where trigger->ops = NULL is when the trigger is removed from the list and that
operation is done with the spi_offload_triggers_lock held. The same lock is also
currently held here, so it should not be possible for ops to be set to NULL here.
In fact, there is this later in the same function:
if (!trigger->ops)
return ERR_PTR(-ENODEV);
that could be removed (since we have shown that the condition can never be true).
> + match = trigger->ops->match(trigger, type, args->args, args->nargs);
> +
> if (match)
> break;
> }
If trigger->ops->match == NULL then the trigger could never be used because it
would never be matched. So instead, I think it would be better to check for
that in devm_spi_offload_trigger_register() and fail registration if it is
missing. In other words, make match a required callback.
next prev parent reply other threads:[~2025-04-18 14:20 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-17 23:23 [PATCH] spi: offload: check ops and match pointers before use Andres Urian Florez
2025-04-18 14:20 ` David Lechner [this message]
2025-04-18 16:37 ` Andres Urian
2025-04-18 16:45 ` David Lechner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6d6b5ea4-0f08-4618-9fe2-d681cd2f51ea@baylibre.com \
--to=dlechner@baylibre.com \
--cc=andres.emb.sys@gmail.com \
--cc=broonie@kernel.org \
--cc=linux-spi@vger.kernel.org \
--cc=skhan@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox