All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] power: supply: max17040: fix null-ptr-deref in max17040_probe()
@ 2021-10-08  6:31 Yang Yingliang
  2021-10-09 17:18 ` Krzysztof Kozlowski
  0 siblings, 1 reply; 3+ messages in thread
From: Yang Yingliang @ 2021-10-08  6:31 UTC (permalink / raw)
  To: linux-kernel, linux-pm; +Cc: sre, iskren.chernev

Add check the return value of devm_regmap_init_i2c(), otherwise
later access may cause null-ptr-deref as follows:

KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367]
RIP: 0010:regmap_read+0x33/0x170
Call Trace:
  max17040_probe+0x61b/0xff0 [max17040_battery]
 ? write_comp_data+0x2a/0x90
 ? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
 ? tracer_hardirqs_on+0x33/0x520
 ? __sanitizer_cov_trace_pc+0x1d/0x50
 ? _raw_spin_unlock_irqrestore+0x4b/0x60
 ? trace_hardirqs_on+0x63/0x2d0
 ? write_comp_data+0x2a/0x90
 ? __sanitizer_cov_trace_pc+0x1d/0x50
 ? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
 i2c_device_probe+0xa31/0xbe0

Fixes: 6455a8a84bdf ("power: supply: max17040: Use regmap i2c")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 drivers/power/supply/max17040_battery.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/power/supply/max17040_battery.c b/drivers/power/supply/max17040_battery.c
index 3cea92e28dc3..a9aef1e8b186 100644
--- a/drivers/power/supply/max17040_battery.c
+++ b/drivers/power/supply/max17040_battery.c
@@ -449,6 +449,8 @@ static int max17040_probe(struct i2c_client *client,
 
 	chip->client = client;
 	chip->regmap = devm_regmap_init_i2c(client, &max17040_regmap);
+	if (IS_ERR(chip->regmap))
+		return PTR_ERR(chip->regmap);
 	chip_id = (enum chip_id) id->driver_data;
 	if (client->dev.of_node) {
 		ret = max17040_get_of_data(chip);
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] power: supply: max17040: fix null-ptr-deref in max17040_probe()
  2021-10-08  6:31 [PATCH] power: supply: max17040: fix null-ptr-deref in max17040_probe() Yang Yingliang
@ 2021-10-09 17:18 ` Krzysztof Kozlowski
  2021-10-12 15:29   ` Sebastian Reichel
  0 siblings, 1 reply; 3+ messages in thread
From: Krzysztof Kozlowski @ 2021-10-09 17:18 UTC (permalink / raw)
  To: Yang Yingliang, linux-kernel, linux-pm; +Cc: sre, iskren.chernev

On 08/10/2021 08:31, Yang Yingliang wrote:
> Add check the return value of devm_regmap_init_i2c(), otherwise
> later access may cause null-ptr-deref as follows:
> 
> KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367]
> RIP: 0010:regmap_read+0x33/0x170
> Call Trace:
>   max17040_probe+0x61b/0xff0 [max17040_battery]
>  ? write_comp_data+0x2a/0x90
>  ? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
>  ? tracer_hardirqs_on+0x33/0x520
>  ? __sanitizer_cov_trace_pc+0x1d/0x50
>  ? _raw_spin_unlock_irqrestore+0x4b/0x60
>  ? trace_hardirqs_on+0x63/0x2d0
>  ? write_comp_data+0x2a/0x90
>  ? __sanitizer_cov_trace_pc+0x1d/0x50
>  ? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
>  i2c_device_probe+0xa31/0xbe0
> 
> Fixes: 6455a8a84bdf ("power: supply: max17040: Use regmap i2c")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
> ---
>  drivers/power/supply/max17040_battery.c | 2 ++
>  1 file changed, 2 insertions(+)


Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>


Best regards,
Krzysztof

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] power: supply: max17040: fix null-ptr-deref in max17040_probe()
  2021-10-09 17:18 ` Krzysztof Kozlowski
@ 2021-10-12 15:29   ` Sebastian Reichel
  0 siblings, 0 replies; 3+ messages in thread
From: Sebastian Reichel @ 2021-10-12 15:29 UTC (permalink / raw)
  To: Krzysztof Kozlowski
  Cc: Yang Yingliang, linux-kernel, linux-pm, iskren.chernev

[-- Attachment #1: Type: text/plain, Size: 1270 bytes --]

Hi,

On Sat, Oct 09, 2021 at 07:18:30PM +0200, Krzysztof Kozlowski wrote:
> On 08/10/2021 08:31, Yang Yingliang wrote:
> > Add check the return value of devm_regmap_init_i2c(), otherwise
> > later access may cause null-ptr-deref as follows:
> > 
> > KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367]
> > RIP: 0010:regmap_read+0x33/0x170
> > Call Trace:
> >   max17040_probe+0x61b/0xff0 [max17040_battery]
> >  ? write_comp_data+0x2a/0x90
> >  ? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
> >  ? tracer_hardirqs_on+0x33/0x520
> >  ? __sanitizer_cov_trace_pc+0x1d/0x50
> >  ? _raw_spin_unlock_irqrestore+0x4b/0x60
> >  ? trace_hardirqs_on+0x63/0x2d0
> >  ? write_comp_data+0x2a/0x90
> >  ? __sanitizer_cov_trace_pc+0x1d/0x50
> >  ? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
> >  i2c_device_probe+0xa31/0xbe0
> > 
> > Fixes: 6455a8a84bdf ("power: supply: max17040: Use regmap i2c")
> > Reported-by: Hulk Robot <hulkci@huawei.com>
> > Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
> > ---
> >  drivers/power/supply/max17040_battery.c | 2 ++
> >  1 file changed, 2 insertions(+)
> 
> 
> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>

Thanks, queued.

-- Sebastian

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-10-12 15:29 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-08  6:31 [PATCH] power: supply: max17040: fix null-ptr-deref in max17040_probe() Yang Yingliang
2021-10-09 17:18 ` Krzysztof Kozlowski
2021-10-12 15:29   ` Sebastian Reichel

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.