From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932925AbcFIRZa (ORCPT ); Thu, 9 Jun 2016 13:25:30 -0400 Received: from mga09.intel.com ([134.134.136.24]:24267 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932706AbcFIRZ0 (ORCPT ); Thu, 9 Jun 2016 13:25:26 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.26,446,1459839600"; d="scan'208";a="984271819" Date: Thu, 9 Jun 2016 19:24:52 +0200 From: Vincent =?iso-8859-1?Q?Stehl=E9?= To: Darren Hart Cc: platform-driver-x86@vger.kernel.org, linux-kernel@vger.kernel.org, Sujith Thomas , Zhang Rui , Len Brown , Rafael Wysocki Subject: Re: [PATCH] intel_menlow: prevent NULL pointer dereference Message-ID: <20160609172452.GA32327@jazz.nc.intel.com> Mail-Followup-To: Darren Hart , platform-driver-x86@vger.kernel.org, linux-kernel@vger.kernel.org, Sujith Thomas , Zhang Rui , Len Brown , Rafael Wysocki References: <1464186011-732-1-git-send-email-vincent.stehle@intel.com> <20160608203846.GG28348@f23x64.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160608203846.GG28348@f23x64.localdomain> User-Agent: Mutt/1.6.0 (2016-04-01) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 08, 2016 at 01:38:46PM -0700, Darren Hart wrote: > Under what circumstances can the .remove op be called with a NULL struct > acpi_device * as a parameter? From what I can see, most acpi_* calls accpeting > an acpi_device rely on it not being null, and they are regularly called from > driver remove functions. > Did you observe an explicit failure or can you describe a call path where this > can occur? Hi Darren, Thank you for reviewing. I am not sure about when the .remove() functions are called with a NULL pointer, or if that can ever happen. I just noticed that dereferencing the pointer and checking for NULL after did not seem to be the right thing to do. So I wanted to replicate instead the same construct as e.g. xen_acpi_processor_remove(). Your remark encouraged me to do some more digging into the sources and it appears that 13 .remove() functions do indeed check their input device pointer for NULL, while 26 do not (the remaining do not use their input pointer at all). Now I am puzzled about the necessity to check the pointer for NULL or not, and there does not seem to be a definitive answer in the docs either... Best regards, Vincent.