* [PATCH] PM / devfreq: Fix potential NULL pointer dereference in governor_store
@ 2017-12-06 20:20 ` Gustavo A. R. Silva
2017-12-07 1:24 ` Chanwoo Choi
[not found] ` <CGME20171206202020epcas3p4fe9a9fb5346f2d413199ed71d1d0f19f@epcms1p4>
0 siblings, 2 replies; 5+ messages in thread
From: Gustavo A. R. Silva @ 2017-12-06 20:20 UTC (permalink / raw)
To: MyungJoo Ham, Kyungmin Park, Chanwoo Choi
Cc: linux-pm, linux-kernel, Gustavo A. R. Silva
df->governor is being dereferenced before it is null checked,
hence there is a potential null pointer dereference.
Notice that df->governor is being null checked at line 1004:
if (df->governor) {, which implies it might be null.
Fix this by null checking df->governor before dereferencing it.
Addresses-Coverity-ID: 1401988 ("Dereference before null check")
Fixes: bcf23c79c4e4 ("PM / devfreq: Fix available_governor sysfs")
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
drivers/devfreq/devfreq.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
index 78fb496..14fe76b 100644
--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
@@ -996,7 +996,8 @@ static ssize_t governor_store(struct device *dev, struct device_attribute *attr,
if (df->governor == governor) {
ret = 0;
goto out;
- } else if (df->governor->immutable || governor->immutable) {
+ } else if ((df->governor && df->governor->immutable) ||
+ governor->immutable) {
ret = -EINVAL;
goto out;
}
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] PM / devfreq: Fix potential NULL pointer dereference in governor_store
2017-12-06 20:20 ` [PATCH] PM / devfreq: Fix potential NULL pointer dereference in governor_store Gustavo A. R. Silva
@ 2017-12-07 1:24 ` Chanwoo Choi
2017-12-07 23:56 ` Gustavo A. R. Silva
[not found] ` <CGME20171206202020epcas3p4fe9a9fb5346f2d413199ed71d1d0f19f@epcms1p4>
1 sibling, 1 reply; 5+ messages in thread
From: Chanwoo Choi @ 2017-12-07 1:24 UTC (permalink / raw)
To: Gustavo A. R. Silva, MyungJoo Ham, Kyungmin Park; +Cc: linux-pm, linux-kernel
On 2017년 12월 07일 05:20, Gustavo A. R. Silva wrote:
> df->governor is being dereferenced before it is null checked,
> hence there is a potential null pointer dereference.
>
> Notice that df->governor is being null checked at line 1004:
> if (df->governor) {, which implies it might be null.
>
> Fix this by null checking df->governor before dereferencing it.
>
> Addresses-Coverity-ID: 1401988 ("Dereference before null check")
> Fixes: bcf23c79c4e4 ("PM / devfreq: Fix available_governor sysfs")
> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
> ---
> drivers/devfreq/devfreq.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
> index 78fb496..14fe76b 100644
> --- a/drivers/devfreq/devfreq.c
> +++ b/drivers/devfreq/devfreq.c
> @@ -996,7 +996,8 @@ static ssize_t governor_store(struct device *dev, struct device_attribute *attr,
> if (df->governor == governor) {
> ret = 0;
> goto out;
> - } else if (df->governor->immutable || governor->immutable) {
> + } else if ((df->governor && df->governor->immutable) ||
> + governor->immutable) {
> ret = -EINVAL;
> goto out;
> }
>
Actually, df->governor would be never NULL because devfreq_add_device()
initializes the ->governor always. But, governor_store() doesn't know it.
So, looks good to me.
Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
--
Best Regards,
Chanwoo Choi
Samsung Electronics
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH] PM / devfreq: Fix potential NULL pointer dereference in governor_store
[not found] ` <CGME20171206202020epcas3p4fe9a9fb5346f2d413199ed71d1d0f19f@epcms1p4>
@ 2017-12-07 2:41 ` MyungJoo Ham
2017-12-07 23:57 ` Gustavo A. R. Silva
0 siblings, 1 reply; 5+ messages in thread
From: MyungJoo Ham @ 2017-12-07 2:41 UTC (permalink / raw)
To: Kyungmin Park, Chanwoo Choi; +Cc: linux-pm, linux-kernel, Gustavo A. R. Silva
> df->governor is being dereferenced before it is null checked,
> hence there is a potential null pointer dereference.
>
> Notice that df->governor is being null checked at line 1004:
> if (df->governor) {, which implies it might be null.
>
> Fix this by null checking df->governor before dereferencing it.
>
> Addresses-Coverity-ID: 1401988 ("Dereference before null check")
> Fixes: bcf23c79c4e4 ("PM / devfreq: Fix available_governor sysfs")
> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Acked-by: MyungJoo Ham <myungjoo.ham@samsung.com>
Cheers,
MyungJoo
> ---
> drivers/devfreq/devfreq.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
> index 78fb496..14fe76b 100644
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] PM / devfreq: Fix potential NULL pointer dereference in governor_store
2017-12-07 1:24 ` Chanwoo Choi
@ 2017-12-07 23:56 ` Gustavo A. R. Silva
0 siblings, 0 replies; 5+ messages in thread
From: Gustavo A. R. Silva @ 2017-12-07 23:56 UTC (permalink / raw)
To: Chanwoo Choi; +Cc: MyungJoo Ham, Kyungmin Park, linux-pm, linux-kernel
Hi Chanwoo,
Quoting Chanwoo Choi <cw00.choi@samsung.com>:
> On 2017년 12월 07일 05:20, Gustavo A. R. Silva wrote:
>> df->governor is being dereferenced before it is null checked,
>> hence there is a potential null pointer dereference.
>>
>> Notice that df->governor is being null checked at line 1004:
>> if (df->governor) {, which implies it might be null.
>>
>> Fix this by null checking df->governor before dereferencing it.
>>
>> Addresses-Coverity-ID: 1401988 ("Dereference before null check")
>> Fixes: bcf23c79c4e4 ("PM / devfreq: Fix available_governor sysfs")
>> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
>> ---
>> drivers/devfreq/devfreq.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
>> index 78fb496..14fe76b 100644
>> --- a/drivers/devfreq/devfreq.c
>> +++ b/drivers/devfreq/devfreq.c
>> @@ -996,7 +996,8 @@ static ssize_t governor_store(struct device
>> *dev, struct device_attribute *attr,
>> if (df->governor == governor) {
>> ret = 0;
>> goto out;
>> - } else if (df->governor->immutable || governor->immutable) {
>> + } else if ((df->governor && df->governor->immutable) ||
>> + governor->immutable) {
>> ret = -EINVAL;
>> goto out;
>> }
>>
>
> Actually, df->governor would be never NULL because devfreq_add_device()
> initializes the ->governor always. But, governor_store() doesn't know it.
>
I got it.
> So, looks good to me.
> Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
>
Thank you
--
Gustavo A. R. Silva
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] PM / devfreq: Fix potential NULL pointer dereference in governor_store
2017-12-07 2:41 ` MyungJoo Ham
@ 2017-12-07 23:57 ` Gustavo A. R. Silva
0 siblings, 0 replies; 5+ messages in thread
From: Gustavo A. R. Silva @ 2017-12-07 23:57 UTC (permalink / raw)
To: MyungJoo Ham; +Cc: Kyungmin Park, Chanwoo Choi, linux-pm, linux-kernel
Quoting MyungJoo Ham <myungjoo.ham@samsung.com>:
>> df->governor is being dereferenced before it is null checked,
>> hence there is a potential null pointer dereference.
>>
>> Notice that df->governor is being null checked at line 1004:
>> if (df->governor) {, which implies it might be null.
>>
>> Fix this by null checking df->governor before dereferencing it.
>>
>> Addresses-Coverity-ID: 1401988 ("Dereference before null check")
>> Fixes: bcf23c79c4e4 ("PM / devfreq: Fix available_governor sysfs")
>> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
>
> Acked-by: MyungJoo Ham <myungjoo.ham@samsung.com>
>
Thank you, MyungJoo
--
Gustavo A. R. Silva
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-12-07 23:57 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <CGME20171206202028epcas2p44920d43cbde12943ed978b1e6d192ba5@epcas2p4.samsung.com>
2017-12-06 20:20 ` [PATCH] PM / devfreq: Fix potential NULL pointer dereference in governor_store Gustavo A. R. Silva
2017-12-07 1:24 ` Chanwoo Choi
2017-12-07 23:56 ` Gustavo A. R. Silva
[not found] ` <CGME20171206202020epcas3p4fe9a9fb5346f2d413199ed71d1d0f19f@epcms1p4>
2017-12-07 2:41 ` MyungJoo Ham
2017-12-07 23:57 ` Gustavo A. R. Silva
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.