From mboxrd@z Thu Jan 1 00:00:00 1970 From: LABBE Corentin Subject: Re: [PATCH] i2c: tegra: fix a possible NULL dereference Date: Thu, 12 Nov 2015 15:54:58 +0100 Message-ID: <20151112145458.GB3758@Red> References: <1447313163-23848-1-git-send-email-clabbe.montjoie@gmail.com> <20151112122923.GA31671@ulmo> <20151112125422.GA3758@Red> <20151112132837.GF31671@ulmo> <20151112134519.GJ24008@pengutronix.de> <20151112135500.GA1131@ulmo> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Return-path: Content-Disposition: inline In-Reply-To: <20151112135500.GA1131@ulmo> Sender: linux-i2c-owner@vger.kernel.org To: Thierry Reding Cc: Uwe =?iso-8859-1?Q?Kleine-K=F6nig?= , LABBE Corentin , gnurou@gmail.com, ldewangan@nvidia.com, swarren@wwwdotorg.org, wsa@the-dreams.de, linux-i2c@vger.kernel.org, linux-kernel@vger.kernel.org, linux-tegra@vger.kernel.org List-Id: linux-tegra@vger.kernel.org On Thu, Nov 12, 2015 at 02:55:00PM +0100, Thierry Reding wrote: > On Thu, Nov 12, 2015 at 02:45:20PM +0100, Uwe Kleine-K=F6nig wrote: > > On Thu, Nov 12, 2015 at 02:28:37PM +0100, Thierry Reding wrote: > > > On Thu, Nov 12, 2015 at 01:54:22PM +0100, LABBE Corentin wrote: > > > > On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote: > > > > > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrot= e: > > > > > > of_match_device could return NULL, and so cause a NULL poin= ter > > > > >=20 > > > > > No. There is no way that of_match_device() can ever fail. The= driver > > > > > core uses the same table to match the OF device to the driver= , so the > > > > > only case where of_match_device() would return NULL is if no = match was > > > > > found, in which case the tegra_i2c_probe() function would nev= er have > > > > > been called in the first place. > > > > >=20 > > > > > Thierry > > > > >=20 > > > >=20 > > > > In a parallel thread for i2c-rcar, the conclusion was different= =2E > > > > https://lkml.org/lkml/2015/11/12/83 > > >=20 > > > The conclusion was the same: there should be no case where this h= appens. > > > The example that Uwe gave is hypothetical and not valid DT in the= first > > > place. So instead of chickening out I think it'd be better to jus= t crash > > > to make sure people fix the DT. > >=20 > > It depends in your trust in the DT. Just because it's not advisable= to > > do something that is not documented usually isn't a good excuse to = not > > handle broken input. That't the case for webserver requests, argume= nts > > to system calls and several more. I admit DT is a bit special becau= se > > you have to assume it's trusted, but still handling errors in a san= e way > > is IMHO nice. >=20 > Given that it's supposed to be provided by firmware and possibly from= a > ROM, crashing might be a better motivation for fixing it than errorin= g > out, which people might just ignore or not notice until it's too late= =2E >=20 > > > On a side-note I think that platform_match() should be stricter a= nd do > > > something like this instead: > > >=20 > > > if (dev->of_node) { > > > if (of_driver_match_device(dev, drv)) > > > return 1; > > >=20 > > > return 0; > > > } > > That's equivalent to > >=20 > > if (dev->of_node) > > return of_driver_match_device(dev, drv); > >=20 > > and was already suggested in the thread referenced from my reply to > > http://article.gmane.org/gmane.linux.kernel/2083641 :-) >=20 > Ah, too many cross-reference =3D) FWIW: >=20 > Acked-by: Thierry Reding >=20 Just for be sure, since the thread goes in lot of direction, you ack my= patch ? Perhaps is it better that I resent a version which use of_device_get_ma= tch_data() ? Regards