From: Dan Carpenter <error27@gmail.com>
To: Zhu Yi <yi.zhu@intel.com>
Cc: Intel Linux Wireless <ilw@linux.intel.com>,
"linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>
Subject: Re: bug report: potential ERR_PTR dereference in iwm_debugfs_init()
Date: Fri, 23 Apr 2010 13:43:59 +0200 [thread overview]
Message-ID: <20100423114358.GD29093@bicker> (raw)
In-Reply-To: <1271990911.14773.24.camel@debian>
On Fri, Apr 23, 2010 at 10:48:31AM +0800, Zhu Yi wrote:
> On Thu, 2010-04-22 at 17:59 +0800, Dan Carpenter wrote:
> > Hi Zhu Yi,
> >
> > This is a Smatch bug that has me a little puzzled.
> >
> > drivers/net/wireless/iwmc3200wifi/debugfs.c +447 iwm_debugfs_init(26)
> > warn: 'iwm->dbg.devdir' dereferencing possible ERR_PTR()
> >
> > 440 iwm->dbg.devdir = debugfs_create_dir(devdir, iwm->dbg.rootdir);
> > 441 result = PTR_ERR(iwm->dbg.devdir);
> > 442 if (IS_ERR(iwm->dbg.devdir) && (result != -ENODEV)) {
> > 443 IWM_ERR(iwm, "Couldn't create devdir: %d\n", result);
> > 444 goto error;
> > 445 }
> > 446
> > 447 iwm->dbg.dbgdir = debugfs_create_dir("debug", iwm->dbg.devdir);
> >
> > It looks like "iwm->dbg.devdir" could be ERR_PTR(-ENODEV) on line 447 and
> > that would cause a problem inside debugfs_create_dir(). But at the same
> > time -ENODEV was deliberately singled out as OK from other possible errors
> > that debugfs_create_dir() can return.
>
> We take -ENODEV for debugfs_create_dir if CONFIG_DEBUG_FS is not
> enabled. We returns 0 deliberately in this case for rootdir create. I
> agree we don't need to check it for the subdirs like we did now. But I
> found lots of code don't even check (or don't use IS_ERR to check) the
> return value of debugfs_create_dir. Maybe that's more problematic?
Ah. Thanks for the explanation.
The bit that was problematic in this code for me is that passing
ERR_PTR(-ENODEV) to debugfs_create_dir() on line 447 will cause an oops.
But, as you point out, the check on line 442 is never true because we
already established that debugfs is enabled.
Couldn't we just check "if (debugfs_initialized()) { " and remove all
the ERR_PTR checking?
If you would like I can send a patch to do this.
regards,
dan carpenter
next prev parent reply other threads:[~2010-04-23 11:44 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-22 9:59 bug report: potential ERR_PTR dereference in iwm_debugfs_init() Dan Carpenter
2010-04-23 2:48 ` Zhu Yi
2010-04-23 11:43 ` Dan Carpenter [this message]
2010-04-23 12:03 ` Johannes Berg
2010-04-26 3:22 ` Zhu Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100423114358.GD29093@bicker \
--to=error27@gmail.com \
--cc=ilw@linux.intel.com \
--cc=linux-wireless@vger.kernel.org \
--cc=yi.zhu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).