All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] stmmac: fix pointer check after utilization in stmmac_interrupt
@ 2020-05-02  9:29 Maxim Petrov
  2020-05-02 23:33 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Maxim Petrov @ 2020-05-02  9:29 UTC (permalink / raw)
  To: Giuseppe Cavallaro, Alexandre Torgue, Jose Abreu,
	David S. Miller, Maxime Coquelin
  Cc: mmrmaximuzz, netdev, linux-kernel

The paranoidal pointer check in IRQ handler looks very strange - it
really protects us only against bogus drivers which request IRQ line
with null pointer dev_id. However, the code fragment is incorrect
because the dev pointer is used before the actual check. That leads
to undefined behavior thus compilers are free to remove the pointer
check at all.

Signed-off-by: Maxim Petrov <mmrmaximuzz@gmail.com>
---
 .../net/ethernet/stmicro/stmmac/stmmac_main.c | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index 565da6498c84..ca08699f5565 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -4070,24 +4070,28 @@ static int stmmac_set_features(struct net_device *netdev,
  */
 static irqreturn_t stmmac_interrupt(int irq, void *dev_id)
 {
-	struct net_device *dev = (struct net_device *)dev_id;
-	struct stmmac_priv *priv = netdev_priv(dev);
-	u32 rx_cnt = priv->plat->rx_queues_to_use;
-	u32 tx_cnt = priv->plat->tx_queues_to_use;
+	u32 rx_cnt;
+	u32 tx_cnt;
 	u32 queues_count;
 	u32 queue;
 	bool xmac;
+	struct stmmac_priv *priv;
+	struct net_device *dev = (struct net_device *)dev_id;
 
+	if (unlikely(!dev)) {
+		netdev_err(NULL, "%s: invalid dev pointer\n", __func__);
+		return IRQ_NONE;
+	}
+
+	priv = netdev_priv(dev);
+	rx_cnt = priv->plat->rx_queues_to_use;
+	tx_cnt = priv->plat->tx_queues_to_use;
 	xmac = priv->plat->has_gmac4 || priv->plat->has_xgmac;
 	queues_count = (rx_cnt > tx_cnt) ? rx_cnt : tx_cnt;
 
 	if (priv->irq_wake)
 		pm_wakeup_event(priv->device, 0);
 
-	if (unlikely(!dev)) {
-		netdev_err(priv->dev, "%s: invalid dev pointer\n", __func__);
-		return IRQ_NONE;
-	}
 
 	/* Check if adapter is up */
 	if (test_bit(STMMAC_DOWN, &priv->state))

base-commit: 6a8b55ed4056ea5559ebe4f6a4b247f627870d4c
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] stmmac: fix pointer check after utilization in stmmac_interrupt
  2020-05-02  9:29 [PATCH] stmmac: fix pointer check after utilization in stmmac_interrupt Maxim Petrov
@ 2020-05-02 23:33 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2020-05-02 23:33 UTC (permalink / raw)
  To: mmrmaximuzz
  Cc: peppe.cavallaro, alexandre.torgue, joabreu, mcoquelin.stm32,
	netdev, linux-kernel

From: Maxim Petrov <mmrmaximuzz@gmail.com>
Date: Sat, 2 May 2020 12:29:08 +0300

> The paranoidal pointer check in IRQ handler looks very strange - it
> really protects us only against bogus drivers which request IRQ line
> with null pointer dev_id. However, the code fragment is incorrect
> because the dev pointer is used before the actual check. That leads
> to undefined behavior thus compilers are free to remove the pointer
> check at all.
> 
> Signed-off-by: Maxim Petrov <mmrmaximuzz@gmail.com>

Seriously, just remove this check altogether.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-05-02 23:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-02  9:29 [PATCH] stmmac: fix pointer check after utilization in stmmac_interrupt Maxim Petrov
2020-05-02 23:33 ` David Miller

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.