From: Chanwoo Choi <cw00.choi@samsung.com>
To: "Gustavo A. R. Silva" <garsilva@embeddedor.com>,
MyungJoo Ham <myungjoo.ham@samsung.com>,
Kyungmin Park <kyungmin.park@samsung.com>
Cc: linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] PM / devfreq: Fix potential NULL pointer dereference in governor_store
Date: Thu, 07 Dec 2017 10:24:21 +0900 [thread overview]
Message-ID: <5A289845.5040301@samsung.com> (raw)
In-Reply-To: <20171206202015.GA15636@embeddedor.com>
On 2017년 12월 07일 05:20, Gustavo A. R. Silva wrote:
> df->governor is being dereferenced before it is null checked,
> hence there is a potential null pointer dereference.
>
> Notice that df->governor is being null checked at line 1004:
> if (df->governor) {, which implies it might be null.
>
> Fix this by null checking df->governor before dereferencing it.
>
> Addresses-Coverity-ID: 1401988 ("Dereference before null check")
> Fixes: bcf23c79c4e4 ("PM / devfreq: Fix available_governor sysfs")
> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
> ---
> drivers/devfreq/devfreq.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
> index 78fb496..14fe76b 100644
> --- a/drivers/devfreq/devfreq.c
> +++ b/drivers/devfreq/devfreq.c
> @@ -996,7 +996,8 @@ static ssize_t governor_store(struct device *dev, struct device_attribute *attr,
> if (df->governor == governor) {
> ret = 0;
> goto out;
> - } else if (df->governor->immutable || governor->immutable) {
> + } else if ((df->governor && df->governor->immutable) ||
> + governor->immutable) {
> ret = -EINVAL;
> goto out;
> }
>
Actually, df->governor would be never NULL because devfreq_add_device()
initializes the ->governor always. But, governor_store() doesn't know it.
So, looks good to me.
Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
--
Best Regards,
Chanwoo Choi
Samsung Electronics
next prev parent reply other threads:[~2017-12-07 1:24 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20171206202028epcas2p44920d43cbde12943ed978b1e6d192ba5@epcas2p4.samsung.com>
2017-12-06 20:20 ` [PATCH] PM / devfreq: Fix potential NULL pointer dereference in governor_store Gustavo A. R. Silva
2017-12-07 1:24 ` Chanwoo Choi [this message]
2017-12-07 23:56 ` Gustavo A. R. Silva
2017-12-07 2:41 ` MyungJoo Ham
2017-12-07 23:57 ` Gustavo A. R. Silva
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5A289845.5040301@samsung.com \
--to=cw00.choi@samsung.com \
--cc=garsilva@embeddedor.com \
--cc=kyungmin.park@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=myungjoo.ham@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox