From: Julia Lawall <julia.lawall@lip6.fr>
To: "weiyongjun (A)" <weiyongjun1@huawei.com>
Cc: Ladislav Michl <ladis@linux-mips.org>,
Bjorn Helgaas <helgaas@kernel.org>,
Kishon Vijay Abraham I <kishon@ti.com>,
Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>,
Bjorn Helgaas <bhelgaas@google.com>,
"linux-omap@vger.kernel.org" <linux-omap@vger.kernel.org>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
"kernel-janitors@vger.kernel.org"
<kernel-janitors@vger.kernel.org>
Subject: RE: [PATCH -next] PCI: dra7xx: Fix potential NULL dereference
Date: Fri, 19 Jan 2018 05:56:55 +0000 [thread overview]
Message-ID: <alpine.DEB.2.20.1801190655080.3505@hadrien> (raw)
In-Reply-To: <6AADFAC011213A4C87B956458587ADB401337E23@dggemi507-mbx.china.huawei.com>
On Fri, 19 Jan 2018, weiyongjun (A) wrote:
> > On Thu, Jan 18, 2018 at 12:35:25PM -0600, Bjorn Helgaas wrote:
> > > On Thu, Jan 18, 2018 at 03:54:20PM +0100, Ladislav Michl wrote:
> > > > On Thu, Jan 18, 2018 at 02:00:37PM +0000, Wei Yongjun wrote:
> > > > > platform_get_resource_byname() may fail and return NULL, so we
> > should
> > > > > better check it's return value to avoid a NULL pointer dereference a
> > > > > bit later in the code.
> > > > >
> > > > > This is detected by Coccinelle semantic patch.
> > > > >
> > > > > @@
> > > > > expression pdev, res, n, t, e, e1, e2;
> > > > > @@
> > > > >
> > > > > res = platform_get_resource_byname(pdev, t, n);
> > > > > + if (!res)
> > > > > + return -EINVAL;
> > > > > ... when != res = NULL
> > > > > e = devm_ioremap(e1, res->start, e2);
> > > >
> > > > Well, then it should be replaced with devm_ioremap_resource()
> > > > which already checks for NULL and the right resource type
> > > > (IORESOURCE_MEM).
> > >
> > > That's probably a better idea. Maybe we should add a comment like this
> > > to help avoid this in the future:
>
> Not all of the place using devm_ioremap() can be replaced with
> devm_ioremap_resource(), devices share the memory resource for example.
>
> So maybe you should also add an exception list to the comment, otherwise
> many people still not know how to use devm_ioremap_resource() or devm_ioremap().
I believe that there is a semantic patch in the kernel to remove the test
when devm_ioremap_reource is used. Maybe that should be extended or
another one should be added to ensure that there is a test when
devm_ioremap is used, since there seems to be a potential for confusion.
julia
>
> > >
> > > --- a/lib/devres.c
> > > +++ b/lib/devres.c
> > > @@ -22,6 +22,8 @@ static int devm_ioremap_match(struct device *dev,
> > void *res, void *match_data)
> > > * @size: Size of map
> > > *
> > > * Managed ioremap(). Map is automatically unmapped on driver detach.
> > > + *
> > > + * When possible, use devm_ioremap_resource() instead.
> > > */
> > > void __iomem *devm_ioremap(struct device *dev, resource_size_t offset,
> > > resource_size_t size)
> >
> > Yes, please. It would be nice first patch in the serie converting existing
> > users of devm_ioremap into devm_ioremap_resource:
> > find drivers -name "*.c" | xargs grep "devm_ioremap(" | grep resource_size
> > | wc -l
> > 82
> > I know, that was dumb, Coccinelle would certainly do better job.
> > And from a quick look a lot of
> > if (!res) {
> > print error
> > return -EINVAL;
> > }
> > code blocks could be deleted (and many cases where check for NULL
> > resource
> > is missing fixed).
> >
>
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next prev parent reply other threads:[~2018-01-19 5:56 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-18 13:54 [PATCH -next] PCI: dra7xx: Fix potential NULL dereference Wei Yongjun
2018-01-18 14:42 ` Bjorn Helgaas
2018-01-18 14:54 ` Ladislav Michl
2018-01-18 18:35 ` Bjorn Helgaas
2018-01-18 21:34 ` Ladislav Michl
2018-01-19 1:54 ` weiyongjun (A)
2018-01-19 5:56 ` Julia Lawall [this message]
2018-01-19 7:03 ` Ladislav Michl
2018-01-19 9:16 ` Ladislav Michl
2018-01-19 9:58 ` Ladislav Michl
2018-01-19 17:06 ` Ladislav Michl
2018-01-20 0:16 ` Ladislav Michl
2018-11-16 11:51 ` Lorenzo Pieralisi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.20.1801190655080.3505@hadrien \
--to=julia.lawall@lip6.fr \
--cc=bhelgaas@google.com \
--cc=helgaas@kernel.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=kishon@ti.com \
--cc=ladis@linux-mips.org \
--cc=linux-omap@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=lorenzo.pieralisi@arm.com \
--cc=weiyongjun1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).