From: Joel Fernandes <joel@joelfernandes.org>
To: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Cc: Linux Media Mailing List <linux-media@vger.kernel.org>,
	Mauro Carvalho Chehab <mchehab@infradead.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	devel@driverdev.osuosl.org
Subject: Re: [PATCH 03/21] media: davinci_vpfe: fix vpfe_ipipe_init() error handling
Date: Thu, 11 Oct 2018 09:56:00 -0700
Message-ID: <20181011165600.GB213196@joelaf.mtv.corp.google.com>
In-Reply-To: <20181009044601.GA123155@joelaf.mtv.corp.google.com>

On Mon, Oct 08, 2018 at 09:46:01PM -0700, Joel Fernandes wrote:
> On Fri, Apr 06, 2018 at 10:23:04AM -0400, Mauro Carvalho Chehab wrote:
> > As warned:
> > 	drivers/staging/media/davinci_vpfe/dm365_ipipe.c:1834 vpfe_ipipe_init() error: we previously assumed 'res' could be null (see line 1797)
> > 
> > There's something wrong at vpfe_ipipe_init():
> > 
> > 1) it caches the resource_size() from the first region
> >    and reuses to the second region;
> > 
> > 2) the "res" var is overridden 3 times;
> > 
> > 3) at free logic, it assumes that "res->start" is not
> >    overridden by platform_get_resource(pdev, IORESOURCE_MEM, 6),
> >    but that's not true, as it can even be NULL there.
> > 
> > This patch fixes the above issues by:
> > 
> > a) store the resources used by release_mem_region() on
> >    a separate var;
> > 
> > b) stop caching resource_size(), using the function where
> >    needed.
> > 
> > Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
> 
> I ran coccicheck on a 4.14.74 stable kernel and noticed that 'res' can be
> NULL in vpfe_ipipe_init. It looks like this patch is not included in the 4.14
> stable series. Can this patch be applied? I applied it myself and it applies
> cleanly, but I have no way to test it.
> 
> That 'res->start' error_release could end up a NULL pointer deref.

Should this patch go to 4.14 stable? Seems straightforward and worth it to
prevent the possible NULL pointer deref issue.

 - Joel
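
A userspace C model of the error-path pattern discussed in this thread, added here as an illustration; it is not the driver's code or the patch. The helpers (`get_res`, `request_region`, `release_region`, `ipipe_init_model`, `model_held_size`) and the region addresses are constructed stand-ins, with index 6 left undefined so the lookup returns NULL.

```c
#include <stddef.h>

/* Userspace model; every name here is a hypothetical stand-in, not the kernel API. */
struct resource { unsigned long start, end; };

static struct resource regions[] = { {0x1000, 0x1fff}, {0x4000, 0x43ff} }; /* constructed */
static unsigned long held_start, held_size;      /* the single tracked reservation */

static unsigned long res_size(const struct resource *r) { return r->end - r->start + 1; }

/* Returns NULL for any index the constructed "platform" does not define. */
static struct resource *get_res(unsigned idx)
{
    return idx < sizeof(regions) / sizeof(regions[0]) ? &regions[idx] : NULL;
}

static int request_region(unsigned long start, unsigned long size)
{
    if (held_size) return -1;
    held_start = start; held_size = size;
    return 0;
}

/* Succeeds only when called with exactly the range that was requested. */
static int release_region(unsigned long start, unsigned long size)
{
    if (start != held_start || size != held_size) return -1;
    held_start = held_size = 0;
    return 0;
}

/* 'held' remembers the requested region, so 'res' can be reused safely. */
int ipipe_init_model(unsigned second_idx, unsigned long *mapped_size)
{
    struct resource *res, *held = get_res(0);

    if (!held) return -2;
    if (request_region(held->start, res_size(held))) return -3;
    res = get_res(second_idx);            /* may be NULL */
    if (!res) goto error_release;
    *mapped_size = res_size(res);         /* size of this region, not a cached one */
    return 0;

error_release:                            /* 'res' is NULL here and is never touched */
    release_region(held->start, res_size(held));
    return -4;
}

unsigned long model_held_size(void) { return held_size; }
```
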
