* [PATCH] memory: tegra: Fix possible null pointer dereference
@ 2026-05-08 1:57 Ethan Tidmore
2026-05-08 10:13 ` Thierry Reding
0 siblings, 1 reply; 2+ messages in thread
From: Ethan Tidmore @ 2026-05-08 1:57 UTC (permalink / raw)
To: Krzysztof Kozlowski, Thierry Reding, Jonathan Hunter
Cc: Mikko Perttunen, Kees Cook, Svyatoslav Ryhel, linux-tegra,
linux-kernel, Ethan Tidmore
The function tegra114_emc_find_timing() has the possibility of returning
null and it's return value 'timing' is dereferenced before it is
checked for null.
Place dereference after null pointer check.
Detected by Smatch:
drivers/memory/tegra/tegra114-emc.c:520 tegra114_emc_prepare_timing_change()
warn: variable dereferenced before check 'timing' (see line 515)
Fixes: dce208b5405f4 ("memory: tegra: Add Tegra114 EMC driver")
Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>
---
drivers/memory/tegra/tegra114-emc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/memory/tegra/tegra114-emc.c b/drivers/memory/tegra/tegra114-emc.c
index be6c699cb656..fc3bf1a28630 100644
--- a/drivers/memory/tegra/tegra114-emc.c
+++ b/drivers/memory/tegra/tegra114-emc.c
@@ -512,14 +512,16 @@ static int tegra114_emc_prepare_timing_change(struct tegra_emc *emc,
enum emc_dll_change dll_change;
unsigned int pre_wait = 0;
u32 val, mask;
- bool next_dll_enabled = !(timing->emc_mode_1 & 0x1);
bool last_dll_enabled = !(last->emc_mode_1 & 0x1);
bool update = false;
+ bool next_dll_enabled;
unsigned int i;
if (!timing)
return -ENOENT;
+ next_dll_enabled = !(timing->emc_mode_1 & 0x1);
+
if (next_dll_enabled == last_dll_enabled)
dll_change = DLL_CHANGE_NONE;
else if (next_dll_enabled)
--
2.54.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] memory: tegra: Fix possible null pointer dereference
2026-05-08 1:57 [PATCH] memory: tegra: Fix possible null pointer dereference Ethan Tidmore
@ 2026-05-08 10:13 ` Thierry Reding
0 siblings, 0 replies; 2+ messages in thread
From: Thierry Reding @ 2026-05-08 10:13 UTC (permalink / raw)
To: Ethan Tidmore
Cc: Krzysztof Kozlowski, Jonathan Hunter, Mikko Perttunen, Kees Cook,
Svyatoslav Ryhel, linux-tegra, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 1182 bytes --]
On Thu, May 07, 2026 at 08:57:16PM -0500, Ethan Tidmore wrote:
> The function tegra114_emc_find_timing() has the possibility of returning
> null and it's return value 'timing' is dereferenced before it is
> checked for null.
>
> Place dereference after null pointer check.
>
> Detected by Smatch:
> drivers/memory/tegra/tegra114-emc.c:520 tegra114_emc_prepare_timing_change()
> warn: variable dereferenced before check 'timing' (see line 515)
>
> Fixes: dce208b5405f4 ("memory: tegra: Add Tegra114 EMC driver")
> Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>
> ---
> drivers/memory/tegra/tegra114-emc.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
It's a *very* theoretically possible NULL pointer dereference. Both the
clock and EMC drivers read the timing information from exactly the same
device tree nodes, so their timings should always match. If they don't
something *really* bad is going on and it might be safer to just crash.
On the other hand, if this silences a smatch warning people are just
going to keep sending patches and we might as well just "fix" it now,
so:
Acked-by: Thierry Reding <treding@nvidia.com>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-05-08 10:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-08 1:57 [PATCH] memory: tegra: Fix possible null pointer dereference Ethan Tidmore
2026-05-08 10:13 ` Thierry Reding
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox