All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] i2c: tegra: fix a possible NULL dereference
@ 2015-11-12  7:26 LABBE Corentin
  2015-11-12 12:29 ` Thierry Reding
  0 siblings, 1 reply; 18+ messages in thread
From: LABBE Corentin @ 2015-11-12  7:26 UTC (permalink / raw)
  To: gnurou, ldewangan, swarren, thierry.reding, wsa
  Cc: LABBE Corentin, linux-i2c, linux-kernel, linux-tegra

of_match_device could return NULL, and so cause a NULL pointer
dereference later at line 809:
i2c_dev->hw = match->data;

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/i2c/busses/i2c-tegra.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c
index a0522fc..c803551 100644
--- a/drivers/i2c/busses/i2c-tegra.c
+++ b/drivers/i2c/busses/i2c-tegra.c
@@ -806,7 +806,10 @@ static int tegra_i2c_probe(struct platform_device *pdev)
 
 	if (pdev->dev.of_node) {
 		const struct of_device_id *match;
+
 		match = of_match_device(tegra_i2c_of_match, &pdev->dev);
+		if (!match)
+			return -ENODEV;
 		i2c_dev->hw = match->data;
 		i2c_dev->is_dvc = of_device_is_compatible(pdev->dev.of_node,
 						"nvidia,tegra20-i2c-dvc");
-- 
2.4.10

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12  7:26 [PATCH] i2c: tegra: fix a possible NULL dereference LABBE Corentin
@ 2015-11-12 12:29 ` Thierry Reding
  2015-11-12 12:54   ` LABBE Corentin
  2015-11-12 13:40     ` Jon Hunter
  0 siblings, 2 replies; 18+ messages in thread
From: Thierry Reding @ 2015-11-12 12:29 UTC (permalink / raw)
  To: LABBE Corentin
  Cc: gnurou, ldewangan, swarren, wsa, linux-i2c, linux-kernel, linux-tegra

[-- Attachment #1: Type: text/plain, Size: 1297 bytes --]

On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> of_match_device could return NULL, and so cause a NULL pointer

No. There is no way that of_match_device() can ever fail. The driver
core uses the same table to match the OF device to the driver, so the
only case where of_match_device() would return NULL is if no match was
found, in which case the tegra_i2c_probe() function would never have
been called in the first place.

Thierry

> dereference later at line 809:
> i2c_dev->hw = match->data;
> 
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
> ---
>  drivers/i2c/busses/i2c-tegra.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c
> index a0522fc..c803551 100644
> --- a/drivers/i2c/busses/i2c-tegra.c
> +++ b/drivers/i2c/busses/i2c-tegra.c
> @@ -806,7 +806,10 @@ static int tegra_i2c_probe(struct platform_device *pdev)
>  
>  	if (pdev->dev.of_node) {
>  		const struct of_device_id *match;
> +
>  		match = of_match_device(tegra_i2c_of_match, &pdev->dev);
> +		if (!match)
> +			return -ENODEV;
>  		i2c_dev->hw = match->data;
>  		i2c_dev->is_dvc = of_device_is_compatible(pdev->dev.of_node,
>  						"nvidia,tegra20-i2c-dvc");
> -- 
> 2.4.10
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12 12:29 ` Thierry Reding
@ 2015-11-12 12:54   ` LABBE Corentin
  2015-11-12 13:28       ` Thierry Reding
  2015-11-12 13:40     ` Jon Hunter
  1 sibling, 1 reply; 18+ messages in thread
From: LABBE Corentin @ 2015-11-12 12:54 UTC (permalink / raw)
  To: Thierry Reding
  Cc: LABBE Corentin, gnurou, ldewangan, swarren, wsa, linux-i2c,
	linux-kernel, linux-tegra

On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote:
> On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> > of_match_device could return NULL, and so cause a NULL pointer
> 
> No. There is no way that of_match_device() can ever fail. The driver
> core uses the same table to match the OF device to the driver, so the
> only case where of_match_device() would return NULL is if no match was
> found, in which case the tegra_i2c_probe() function would never have
> been called in the first place.
> 
> Thierry
> 

In a parallel thread for i2c-rcar, the conclusion was different.
https://lkml.org/lkml/2015/11/12/83

Regards

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12 12:54   ` LABBE Corentin
@ 2015-11-12 13:28       ` Thierry Reding
  0 siblings, 0 replies; 18+ messages in thread
From: Thierry Reding @ 2015-11-12 13:28 UTC (permalink / raw)
  To: LABBE Corentin
  Cc: LABBE Corentin, gnurou-Re5JQEeQqe8AvxtiuMwx3w,
	ldewangan-DDmLM1+adcrQT0dZR+AlfA, swarren-3lzwWm7+Weoh9ZMKESR00Q,
	wsa-z923LK4zBo2bacvFa/9K2g, linux-i2c-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-tegra-u79uwXL29TY76Z2rM5mHXA

[-- Attachment #1: Type: text/plain, Size: 1218 bytes --]

On Thu, Nov 12, 2015 at 01:54:22PM +0100, LABBE Corentin wrote:
> On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote:
> > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> > > of_match_device could return NULL, and so cause a NULL pointer
> > 
> > No. There is no way that of_match_device() can ever fail. The driver
> > core uses the same table to match the OF device to the driver, so the
> > only case where of_match_device() would return NULL is if no match was
> > found, in which case the tegra_i2c_probe() function would never have
> > been called in the first place.
> > 
> > Thierry
> > 
> 
> In a parallel thread for i2c-rcar, the conclusion was different.
> https://lkml.org/lkml/2015/11/12/83

The conclusion was the same: there should be no case where this happens.
The example that Uwe gave is hypothetical and not valid DT in the first
place. So instead of chickening out I think it'd be better to just crash
to make sure people fix the DT.

On a side-note I think that platform_match() should be stricter and do
something like this instead:

	if (dev->of_node) {
		if (of_driver_match_device(dev, drv))
			return 1;

		return 0;
	}

Thierry

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
@ 2015-11-12 13:28       ` Thierry Reding
  0 siblings, 0 replies; 18+ messages in thread
From: Thierry Reding @ 2015-11-12 13:28 UTC (permalink / raw)
  To: LABBE Corentin
  Cc: LABBE Corentin, gnurou, ldewangan, swarren, wsa, linux-i2c,
	linux-kernel, linux-tegra

[-- Attachment #1: Type: text/plain, Size: 1218 bytes --]

On Thu, Nov 12, 2015 at 01:54:22PM +0100, LABBE Corentin wrote:
> On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote:
> > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> > > of_match_device could return NULL, and so cause a NULL pointer
> > 
> > No. There is no way that of_match_device() can ever fail. The driver
> > core uses the same table to match the OF device to the driver, so the
> > only case where of_match_device() would return NULL is if no match was
> > found, in which case the tegra_i2c_probe() function would never have
> > been called in the first place.
> > 
> > Thierry
> > 
> 
> In a parallel thread for i2c-rcar, the conclusion was different.
> https://lkml.org/lkml/2015/11/12/83

The conclusion was the same: there should be no case where this happens.
The example that Uwe gave is hypothetical and not valid DT in the first
place. So instead of chickening out I think it'd be better to just crash
to make sure people fix the DT.

On a side-note I think that platform_match() should be stricter and do
something like this instead:

	if (dev->of_node) {
		if (of_driver_match_device(dev, drv))
			return 1;

		return 0;
	}

Thierry

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12 12:29 ` Thierry Reding
@ 2015-11-12 13:40     ` Jon Hunter
  2015-11-12 13:40     ` Jon Hunter
  1 sibling, 0 replies; 18+ messages in thread
From: Jon Hunter @ 2015-11-12 13:40 UTC (permalink / raw)
  To: Thierry Reding, LABBE Corentin
  Cc: gnurou-Re5JQEeQqe8AvxtiuMwx3w, ldewangan-DDmLM1+adcrQT0dZR+AlfA,
	swarren-3lzwWm7+Weoh9ZMKESR00Q, wsa-z923LK4zBo2bacvFa/9K2g,
	linux-i2c-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-tegra-u79uwXL29TY76Z2rM5mHXA


On 12/11/15 12:29, Thierry Reding wrote:
> * PGP Signed by an unknown key
> 
> On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
>> of_match_device could return NULL, and so cause a NULL pointer
> 
> No. There is no way that of_match_device() can ever fail. The driver
> core uses the same table to match the OF device to the driver, so the
> only case where of_match_device() would return NULL is if no match was
> found, in which case the tegra_i2c_probe() function would never have
> been called in the first place.

Right and so ...

>> dereference later at line 809:
>> i2c_dev->hw = match->data;
>>
>> Signed-off-by: LABBE Corentin <clabbe.montjoie-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>> ---
>>  drivers/i2c/busses/i2c-tegra.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c
>> index a0522fc..c803551 100644
>> --- a/drivers/i2c/busses/i2c-tegra.c
>> +++ b/drivers/i2c/busses/i2c-tegra.c
>> @@ -806,7 +806,10 @@ static int tegra_i2c_probe(struct platform_device *pdev)
>>  
>>  	if (pdev->dev.of_node) {

Can we get rid of this if-statement?

Jon

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
@ 2015-11-12 13:40     ` Jon Hunter
  0 siblings, 0 replies; 18+ messages in thread
From: Jon Hunter @ 2015-11-12 13:40 UTC (permalink / raw)
  To: Thierry Reding, LABBE Corentin
  Cc: gnurou, ldewangan, swarren, wsa, linux-i2c, linux-kernel, linux-tegra


On 12/11/15 12:29, Thierry Reding wrote:
> * PGP Signed by an unknown key
> 
> On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
>> of_match_device could return NULL, and so cause a NULL pointer
> 
> No. There is no way that of_match_device() can ever fail. The driver
> core uses the same table to match the OF device to the driver, so the
> only case where of_match_device() would return NULL is if no match was
> found, in which case the tegra_i2c_probe() function would never have
> been called in the first place.

Right and so ...

>> dereference later at line 809:
>> i2c_dev->hw = match->data;
>>
>> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
>> ---
>>  drivers/i2c/busses/i2c-tegra.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c
>> index a0522fc..c803551 100644
>> --- a/drivers/i2c/busses/i2c-tegra.c
>> +++ b/drivers/i2c/busses/i2c-tegra.c
>> @@ -806,7 +806,10 @@ static int tegra_i2c_probe(struct platform_device *pdev)
>>  
>>  	if (pdev->dev.of_node) {

Can we get rid of this if-statement?

Jon

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12 13:28       ` Thierry Reding
  (?)
@ 2015-11-12 13:45       ` Uwe Kleine-König
       [not found]         ` <20151112134519.GJ24008-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>
  -1 siblings, 1 reply; 18+ messages in thread
From: Uwe Kleine-König @ 2015-11-12 13:45 UTC (permalink / raw)
  To: Thierry Reding
  Cc: LABBE Corentin, LABBE Corentin, gnurou, ldewangan, swarren, wsa,
	linux-i2c, linux-kernel, linux-tegra

On Thu, Nov 12, 2015 at 02:28:37PM +0100, Thierry Reding wrote:
> On Thu, Nov 12, 2015 at 01:54:22PM +0100, LABBE Corentin wrote:
> > On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote:
> > > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> > > > of_match_device could return NULL, and so cause a NULL pointer
> > > 
> > > No. There is no way that of_match_device() can ever fail. The driver
> > > core uses the same table to match the OF device to the driver, so the
> > > only case where of_match_device() would return NULL is if no match was
> > > found, in which case the tegra_i2c_probe() function would never have
> > > been called in the first place.
> > > 
> > > Thierry
> > > 
> > 
> > In a parallel thread for i2c-rcar, the conclusion was different.
> > https://lkml.org/lkml/2015/11/12/83
> 
> The conclusion was the same: there should be no case where this happens.
> The example that Uwe gave is hypothetical and not valid DT in the first
> place. So instead of chickening out I think it'd be better to just crash
> to make sure people fix the DT.

It depends in your trust in the DT. Just because it's not advisable to
do something that is not documented usually isn't a good excuse to not
handle broken input. That't the case for webserver requests, arguments
to system calls and several more. I admit DT is a bit special because
you have to assume it's trusted, but still handling errors in a sane way
is IMHO nice.

> On a side-note I think that platform_match() should be stricter and do
> something like this instead:
> 
> 	if (dev->of_node) {
> 		if (of_driver_match_device(dev, drv))
> 			return 1;
> 
> 		return 0;
> 	}
That's equivalent to

	if (dev->of_node)
		return of_driver_match_device(dev, drv);

and was already suggested in the thread referenced from my reply to
http://article.gmane.org/gmane.linux.kernel/2083641 :-)

Best regards
Uwe 

-- 
Pengutronix e.K.                           | Uwe Kleine-König            |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12 13:45       ` Uwe Kleine-König
@ 2015-11-12 13:55             ` Thierry Reding
  0 siblings, 0 replies; 18+ messages in thread
From: Thierry Reding @ 2015-11-12 13:55 UTC (permalink / raw)
  To: Uwe Kleine-König
  Cc: LABBE Corentin, LABBE Corentin, gnurou-Re5JQEeQqe8AvxtiuMwx3w,
	ldewangan-DDmLM1+adcrQT0dZR+AlfA, swarren-3lzwWm7+Weoh9ZMKESR00Q,
	wsa-z923LK4zBo2bacvFa/9K2g, linux-i2c-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-tegra-u79uwXL29TY76Z2rM5mHXA

[-- Attachment #1: Type: text/plain, Size: 2632 bytes --]

On Thu, Nov 12, 2015 at 02:45:20PM +0100, Uwe Kleine-König wrote:
> On Thu, Nov 12, 2015 at 02:28:37PM +0100, Thierry Reding wrote:
> > On Thu, Nov 12, 2015 at 01:54:22PM +0100, LABBE Corentin wrote:
> > > On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote:
> > > > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> > > > > of_match_device could return NULL, and so cause a NULL pointer
> > > > 
> > > > No. There is no way that of_match_device() can ever fail. The driver
> > > > core uses the same table to match the OF device to the driver, so the
> > > > only case where of_match_device() would return NULL is if no match was
> > > > found, in which case the tegra_i2c_probe() function would never have
> > > > been called in the first place.
> > > > 
> > > > Thierry
> > > > 
> > > 
> > > In a parallel thread for i2c-rcar, the conclusion was different.
> > > https://lkml.org/lkml/2015/11/12/83
> > 
> > The conclusion was the same: there should be no case where this happens.
> > The example that Uwe gave is hypothetical and not valid DT in the first
> > place. So instead of chickening out I think it'd be better to just crash
> > to make sure people fix the DT.
> 
> It depends in your trust in the DT. Just because it's not advisable to
> do something that is not documented usually isn't a good excuse to not
> handle broken input. That't the case for webserver requests, arguments
> to system calls and several more. I admit DT is a bit special because
> you have to assume it's trusted, but still handling errors in a sane way
> is IMHO nice.

Given that it's supposed to be provided by firmware and possibly from a
ROM, crashing might be a better motivation for fixing it than erroring
out, which people might just ignore or not notice until it's too late.

> > On a side-note I think that platform_match() should be stricter and do
> > something like this instead:
> > 
> > 	if (dev->of_node) {
> > 		if (of_driver_match_device(dev, drv))
> > 			return 1;
> > 
> > 		return 0;
> > 	}
> That's equivalent to
> 
> 	if (dev->of_node)
> 		return of_driver_match_device(dev, drv);
> 
> and was already suggested in the thread referenced from my reply to
> http://article.gmane.org/gmane.linux.kernel/2083641 :-)

Ah, too many cross-reference =) FWIW:

Acked-by: Thierry Reding <treding-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>

If we want to gracefully handle this, then let's do it in the core by
making sure that drivers where it would return NULL are never probed,
rather than coding this check in every single driver.

Thierry

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
@ 2015-11-12 13:55             ` Thierry Reding
  0 siblings, 0 replies; 18+ messages in thread
From: Thierry Reding @ 2015-11-12 13:55 UTC (permalink / raw)
  To: Uwe Kleine-König
  Cc: LABBE Corentin, LABBE Corentin, gnurou, ldewangan, swarren, wsa,
	linux-i2c, linux-kernel, linux-tegra

[-- Attachment #1: Type: text/plain, Size: 2603 bytes --]

On Thu, Nov 12, 2015 at 02:45:20PM +0100, Uwe Kleine-König wrote:
> On Thu, Nov 12, 2015 at 02:28:37PM +0100, Thierry Reding wrote:
> > On Thu, Nov 12, 2015 at 01:54:22PM +0100, LABBE Corentin wrote:
> > > On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote:
> > > > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> > > > > of_match_device could return NULL, and so cause a NULL pointer
> > > > 
> > > > No. There is no way that of_match_device() can ever fail. The driver
> > > > core uses the same table to match the OF device to the driver, so the
> > > > only case where of_match_device() would return NULL is if no match was
> > > > found, in which case the tegra_i2c_probe() function would never have
> > > > been called in the first place.
> > > > 
> > > > Thierry
> > > > 
> > > 
> > > In a parallel thread for i2c-rcar, the conclusion was different.
> > > https://lkml.org/lkml/2015/11/12/83
> > 
> > The conclusion was the same: there should be no case where this happens.
> > The example that Uwe gave is hypothetical and not valid DT in the first
> > place. So instead of chickening out I think it'd be better to just crash
> > to make sure people fix the DT.
> 
> It depends in your trust in the DT. Just because it's not advisable to
> do something that is not documented usually isn't a good excuse to not
> handle broken input. That't the case for webserver requests, arguments
> to system calls and several more. I admit DT is a bit special because
> you have to assume it's trusted, but still handling errors in a sane way
> is IMHO nice.

Given that it's supposed to be provided by firmware and possibly from a
ROM, crashing might be a better motivation for fixing it than erroring
out, which people might just ignore or not notice until it's too late.

> > On a side-note I think that platform_match() should be stricter and do
> > something like this instead:
> > 
> > 	if (dev->of_node) {
> > 		if (of_driver_match_device(dev, drv))
> > 			return 1;
> > 
> > 		return 0;
> > 	}
> That's equivalent to
> 
> 	if (dev->of_node)
> 		return of_driver_match_device(dev, drv);
> 
> and was already suggested in the thread referenced from my reply to
> http://article.gmane.org/gmane.linux.kernel/2083641 :-)

Ah, too many cross-reference =) FWIW:

Acked-by: Thierry Reding <treding@nvidia.com>

If we want to gracefully handle this, then let's do it in the core by
making sure that drivers where it would return NULL are never probed,
rather than coding this check in every single driver.

Thierry

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12 13:40     ` Jon Hunter
  (?)
@ 2015-11-12 13:55     ` Thierry Reding
  -1 siblings, 0 replies; 18+ messages in thread
From: Thierry Reding @ 2015-11-12 13:55 UTC (permalink / raw)
  To: Jon Hunter
  Cc: LABBE Corentin, gnurou, ldewangan, swarren, wsa, linux-i2c,
	linux-kernel, linux-tegra

[-- Attachment #1: Type: text/plain, Size: 1386 bytes --]

On Thu, Nov 12, 2015 at 01:40:56PM +0000, Jon Hunter wrote:
> 
> On 12/11/15 12:29, Thierry Reding wrote:
> > * PGP Signed by an unknown key
> > 
> > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> >> of_match_device could return NULL, and so cause a NULL pointer
> > 
> > No. There is no way that of_match_device() can ever fail. The driver
> > core uses the same table to match the OF device to the driver, so the
> > only case where of_match_device() would return NULL is if no match was
> > found, in which case the tegra_i2c_probe() function would never have
> > been called in the first place.
> 
> Right and so ...
> 
> >> dereference later at line 809:
> >> i2c_dev->hw = match->data;
> >>
> >> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
> >> ---
> >>  drivers/i2c/busses/i2c-tegra.c | 3 +++
> >>  1 file changed, 3 insertions(+)
> >>
> >> diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c
> >> index a0522fc..c803551 100644
> >> --- a/drivers/i2c/busses/i2c-tegra.c
> >> +++ b/drivers/i2c/busses/i2c-tegra.c
> >> @@ -806,7 +806,10 @@ static int tegra_i2c_probe(struct platform_device *pdev)
> >>  
> >>  	if (pdev->dev.of_node) {
> 
> Can we get rid of this if-statement?

Yeah, I guess we can drop that, too. It's been a long time since Tegra
was converted to OF only.

Thierry

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12 13:55             ` Thierry Reding
  (?)
@ 2015-11-12 14:54             ` LABBE Corentin
  2015-11-12 16:14                 ` Thierry Reding
  2016-01-23 11:07                 ` Wolfram Sang
  -1 siblings, 2 replies; 18+ messages in thread
From: LABBE Corentin @ 2015-11-12 14:54 UTC (permalink / raw)
  To: Thierry Reding
  Cc: Uwe Kleine-König, LABBE Corentin, gnurou, ldewangan,
	swarren, wsa, linux-i2c, linux-kernel, linux-tegra

On Thu, Nov 12, 2015 at 02:55:00PM +0100, Thierry Reding wrote:
> On Thu, Nov 12, 2015 at 02:45:20PM +0100, Uwe Kleine-König wrote:
> > On Thu, Nov 12, 2015 at 02:28:37PM +0100, Thierry Reding wrote:
> > > On Thu, Nov 12, 2015 at 01:54:22PM +0100, LABBE Corentin wrote:
> > > > On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote:
> > > > > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> > > > > > of_match_device could return NULL, and so cause a NULL pointer
> > > > > 
> > > > > No. There is no way that of_match_device() can ever fail. The driver
> > > > > core uses the same table to match the OF device to the driver, so the
> > > > > only case where of_match_device() would return NULL is if no match was
> > > > > found, in which case the tegra_i2c_probe() function would never have
> > > > > been called in the first place.
> > > > > 
> > > > > Thierry
> > > > > 
> > > > 
> > > > In a parallel thread for i2c-rcar, the conclusion was different.
> > > > https://lkml.org/lkml/2015/11/12/83
> > > 
> > > The conclusion was the same: there should be no case where this happens.
> > > The example that Uwe gave is hypothetical and not valid DT in the first
> > > place. So instead of chickening out I think it'd be better to just crash
> > > to make sure people fix the DT.
> > 
> > It depends in your trust in the DT. Just because it's not advisable to
> > do something that is not documented usually isn't a good excuse to not
> > handle broken input. That't the case for webserver requests, arguments
> > to system calls and several more. I admit DT is a bit special because
> > you have to assume it's trusted, but still handling errors in a sane way
> > is IMHO nice.
> 
> Given that it's supposed to be provided by firmware and possibly from a
> ROM, crashing might be a better motivation for fixing it than erroring
> out, which people might just ignore or not notice until it's too late.
> 
> > > On a side-note I think that platform_match() should be stricter and do
> > > something like this instead:
> > > 
> > > 	if (dev->of_node) {
> > > 		if (of_driver_match_device(dev, drv))
> > > 			return 1;
> > > 
> > > 		return 0;
> > > 	}
> > That's equivalent to
> > 
> > 	if (dev->of_node)
> > 		return of_driver_match_device(dev, drv);
> > 
> > and was already suggested in the thread referenced from my reply to
> > http://article.gmane.org/gmane.linux.kernel/2083641 :-)
> 
> Ah, too many cross-reference =) FWIW:
> 
> Acked-by: Thierry Reding <treding@nvidia.com>
> 

Just for be sure, since the thread goes in lot of direction, you ack my patch ?
Perhaps is it better that I resent a version which use of_device_get_match_data() ?

Regards

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12 14:54             ` LABBE Corentin
@ 2015-11-12 16:14                 ` Thierry Reding
  2016-01-23 11:07                 ` Wolfram Sang
  1 sibling, 0 replies; 18+ messages in thread
From: Thierry Reding @ 2015-11-12 16:14 UTC (permalink / raw)
  To: LABBE Corentin
  Cc: Uwe Kleine-König, LABBE Corentin,
	gnurou-Re5JQEeQqe8AvxtiuMwx3w, ldewangan-DDmLM1+adcrQT0dZR+AlfA,
	swarren-3lzwWm7+Weoh9ZMKESR00Q, wsa-z923LK4zBo2bacvFa/9K2g,
	linux-i2c-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-tegra-u79uwXL29TY76Z2rM5mHXA

[-- Attachment #1: Type: text/plain, Size: 3249 bytes --]

On Thu, Nov 12, 2015 at 03:54:58PM +0100, LABBE Corentin wrote:
> On Thu, Nov 12, 2015 at 02:55:00PM +0100, Thierry Reding wrote:
> > On Thu, Nov 12, 2015 at 02:45:20PM +0100, Uwe Kleine-König wrote:
> > > On Thu, Nov 12, 2015 at 02:28:37PM +0100, Thierry Reding wrote:
> > > > On Thu, Nov 12, 2015 at 01:54:22PM +0100, LABBE Corentin wrote:
> > > > > On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote:
> > > > > > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> > > > > > > of_match_device could return NULL, and so cause a NULL pointer
> > > > > > 
> > > > > > No. There is no way that of_match_device() can ever fail. The driver
> > > > > > core uses the same table to match the OF device to the driver, so the
> > > > > > only case where of_match_device() would return NULL is if no match was
> > > > > > found, in which case the tegra_i2c_probe() function would never have
> > > > > > been called in the first place.
> > > > > > 
> > > > > > Thierry
> > > > > > 
> > > > > 
> > > > > In a parallel thread for i2c-rcar, the conclusion was different.
> > > > > https://lkml.org/lkml/2015/11/12/83
> > > > 
> > > > The conclusion was the same: there should be no case where this happens.
> > > > The example that Uwe gave is hypothetical and not valid DT in the first
> > > > place. So instead of chickening out I think it'd be better to just crash
> > > > to make sure people fix the DT.
> > > 
> > > It depends in your trust in the DT. Just because it's not advisable to
> > > do something that is not documented usually isn't a good excuse to not
> > > handle broken input. That't the case for webserver requests, arguments
> > > to system calls and several more. I admit DT is a bit special because
> > > you have to assume it's trusted, but still handling errors in a sane way
> > > is IMHO nice.
> > 
> > Given that it's supposed to be provided by firmware and possibly from a
> > ROM, crashing might be a better motivation for fixing it than erroring
> > out, which people might just ignore or not notice until it's too late.
> > 
> > > > On a side-note I think that platform_match() should be stricter and do
> > > > something like this instead:
> > > > 
> > > > 	if (dev->of_node) {
> > > > 		if (of_driver_match_device(dev, drv))
> > > > 			return 1;
> > > > 
> > > > 		return 0;
> > > > 	}
> > > That's equivalent to
> > > 
> > > 	if (dev->of_node)
> > > 		return of_driver_match_device(dev, drv);
> > > 
> > > and was already suggested in the thread referenced from my reply to
> > > http://article.gmane.org/gmane.linux.kernel/2083641 :-)
> > 
> > Ah, too many cross-reference =) FWIW:
> > 
> > Acked-by: Thierry Reding <treding-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
> > 
> 
> Just for be sure, since the thread goes in lot of direction, you ack my patch ?
> Perhaps is it better that I resent a version which use of_device_get_match_data() ?

No, the Acked-by was for Uwe's proposal to modify platform_match(). I
think if we want to gracefully handle these cases, then the right way to
do so is by having the driver core not fallback to name matches for
devices instantiated from device tree.

Sorry for being unclear.

Thierry

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
@ 2015-11-12 16:14                 ` Thierry Reding
  0 siblings, 0 replies; 18+ messages in thread
From: Thierry Reding @ 2015-11-12 16:14 UTC (permalink / raw)
  To: LABBE Corentin
  Cc: Uwe Kleine-König, LABBE Corentin, gnurou, ldewangan,
	swarren, wsa, linux-i2c, linux-kernel, linux-tegra

[-- Attachment #1: Type: text/plain, Size: 3220 bytes --]

On Thu, Nov 12, 2015 at 03:54:58PM +0100, LABBE Corentin wrote:
> On Thu, Nov 12, 2015 at 02:55:00PM +0100, Thierry Reding wrote:
> > On Thu, Nov 12, 2015 at 02:45:20PM +0100, Uwe Kleine-König wrote:
> > > On Thu, Nov 12, 2015 at 02:28:37PM +0100, Thierry Reding wrote:
> > > > On Thu, Nov 12, 2015 at 01:54:22PM +0100, LABBE Corentin wrote:
> > > > > On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote:
> > > > > > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> > > > > > > of_match_device could return NULL, and so cause a NULL pointer
> > > > > > 
> > > > > > No. There is no way that of_match_device() can ever fail. The driver
> > > > > > core uses the same table to match the OF device to the driver, so the
> > > > > > only case where of_match_device() would return NULL is if no match was
> > > > > > found, in which case the tegra_i2c_probe() function would never have
> > > > > > been called in the first place.
> > > > > > 
> > > > > > Thierry
> > > > > > 
> > > > > 
> > > > > In a parallel thread for i2c-rcar, the conclusion was different.
> > > > > https://lkml.org/lkml/2015/11/12/83
> > > > 
> > > > The conclusion was the same: there should be no case where this happens.
> > > > The example that Uwe gave is hypothetical and not valid DT in the first
> > > > place. So instead of chickening out I think it'd be better to just crash
> > > > to make sure people fix the DT.
> > > 
> > > It depends in your trust in the DT. Just because it's not advisable to
> > > do something that is not documented usually isn't a good excuse to not
> > > handle broken input. That't the case for webserver requests, arguments
> > > to system calls and several more. I admit DT is a bit special because
> > > you have to assume it's trusted, but still handling errors in a sane way
> > > is IMHO nice.
> > 
> > Given that it's supposed to be provided by firmware and possibly from a
> > ROM, crashing might be a better motivation for fixing it than erroring
> > out, which people might just ignore or not notice until it's too late.
> > 
> > > > On a side-note I think that platform_match() should be stricter and do
> > > > something like this instead:
> > > > 
> > > > 	if (dev->of_node) {
> > > > 		if (of_driver_match_device(dev, drv))
> > > > 			return 1;
> > > > 
> > > > 		return 0;
> > > > 	}
> > > That's equivalent to
> > > 
> > > 	if (dev->of_node)
> > > 		return of_driver_match_device(dev, drv);
> > > 
> > > and was already suggested in the thread referenced from my reply to
> > > http://article.gmane.org/gmane.linux.kernel/2083641 :-)
> > 
> > Ah, too many cross-reference =) FWIW:
> > 
> > Acked-by: Thierry Reding <treding@nvidia.com>
> > 
> 
> Just for be sure, since the thread goes in lot of direction, you ack my patch ?
> Perhaps is it better that I resent a version which use of_device_get_match_data() ?

No, the Acked-by was for Uwe's proposal to modify platform_match(). I
think if we want to gracefully handle these cases, then the right way to
do so is by having the driver core not fallback to name matches for
devices instantiated from device tree.

Sorry for being unclear.

Thierry

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12 13:45       ` Uwe Kleine-König
@ 2016-01-23 10:56             ` Wolfram Sang
  0 siblings, 0 replies; 18+ messages in thread
From: Wolfram Sang @ 2016-01-23 10:56 UTC (permalink / raw)
  To: Uwe Kleine-König
  Cc: Thierry Reding, LABBE Corentin, LABBE Corentin,
	gnurou-Re5JQEeQqe8AvxtiuMwx3w, ldewangan-DDmLM1+adcrQT0dZR+AlfA,
	swarren-3lzwWm7+Weoh9ZMKESR00Q, linux-i2c-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-tegra-u79uwXL29TY76Z2rM5mHXA

[-- Attachment #1: Type: text/plain, Size: 444 bytes --]

Hi Uwe,

> That's equivalent to
> 
> 	if (dev->of_node)
> 		return of_driver_match_device(dev, drv);
> 
> and was already suggested in the thread referenced from my reply to
> http://article.gmane.org/gmane.linux.kernel/2083641 :-)

Did you make a proper patch out of it? Can't find it, though I also
think this would be useful.

Acked-by: Wolfram Sang <wsa-z923LK4zBo2bacvFa/9K2g@public.gmane.org>

All the best,

   Wolfram

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
@ 2016-01-23 10:56             ` Wolfram Sang
  0 siblings, 0 replies; 18+ messages in thread
From: Wolfram Sang @ 2016-01-23 10:56 UTC (permalink / raw)
  To: Uwe Kleine-König
  Cc: Thierry Reding, LABBE Corentin, LABBE Corentin, gnurou,
	ldewangan, swarren, linux-i2c, linux-kernel, linux-tegra

[-- Attachment #1: Type: text/plain, Size: 418 bytes --]

Hi Uwe,

> That's equivalent to
> 
> 	if (dev->of_node)
> 		return of_driver_match_device(dev, drv);
> 
> and was already suggested in the thread referenced from my reply to
> http://article.gmane.org/gmane.linux.kernel/2083641 :-)

Did you make a proper patch out of it? Can't find it, though I also
think this would be useful.

Acked-by: Wolfram Sang <wsa@the-dreams.de>

All the best,

   Wolfram

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
  2015-11-12 14:54             ` LABBE Corentin
@ 2016-01-23 11:07                 ` Wolfram Sang
  2016-01-23 11:07                 ` Wolfram Sang
  1 sibling, 0 replies; 18+ messages in thread
From: Wolfram Sang @ 2016-01-23 11:07 UTC (permalink / raw)
  To: LABBE Corentin
  Cc: Thierry Reding, Uwe Kleine-König, LABBE Corentin,
	gnurou-Re5JQEeQqe8AvxtiuMwx3w, ldewangan-DDmLM1+adcrQT0dZR+AlfA,
	swarren-3lzwWm7+Weoh9ZMKESR00Q, linux-i2c-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-tegra-u79uwXL29TY76Z2rM5mHXA

[-- Attachment #1: Type: text/plain, Size: 178 bytes --]

> Perhaps is it better that I resent a version which use of_device_get_match_data() ?

I'd like that for both of your patches anyhow. It is more concise and
better to read IMO.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH] i2c: tegra: fix a possible NULL dereference
@ 2016-01-23 11:07                 ` Wolfram Sang
  0 siblings, 0 replies; 18+ messages in thread
From: Wolfram Sang @ 2016-01-23 11:07 UTC (permalink / raw)
  To: LABBE Corentin
  Cc: Thierry Reding, Uwe Kleine-König, LABBE Corentin, gnurou,
	ldewangan, swarren, linux-i2c, linux-kernel, linux-tegra

[-- Attachment #1: Type: text/plain, Size: 178 bytes --]

> Perhaps is it better that I resent a version which use of_device_get_match_data() ?

I'd like that for both of your patches anyhow. It is more concise and
better to read IMO.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 18+ messages in thread

end of thread, other threads:[~2016-01-23 11:07 UTC | newest]

Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-11-12  7:26 [PATCH] i2c: tegra: fix a possible NULL dereference LABBE Corentin
2015-11-12 12:29 ` Thierry Reding
2015-11-12 12:54   ` LABBE Corentin
2015-11-12 13:28     ` Thierry Reding
2015-11-12 13:28       ` Thierry Reding
2015-11-12 13:45       ` Uwe Kleine-König
     [not found]         ` <20151112134519.GJ24008-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>
2015-11-12 13:55           ` Thierry Reding
2015-11-12 13:55             ` Thierry Reding
2015-11-12 14:54             ` LABBE Corentin
2015-11-12 16:14               ` Thierry Reding
2015-11-12 16:14                 ` Thierry Reding
2016-01-23 11:07               ` Wolfram Sang
2016-01-23 11:07                 ` Wolfram Sang
2016-01-23 10:56           ` Wolfram Sang
2016-01-23 10:56             ` Wolfram Sang
2015-11-12 13:40   ` Jon Hunter
2015-11-12 13:40     ` Jon Hunter
2015-11-12 13:55     ` Thierry Reding

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.