* [PATCH -next] irqchip/tango: Fix potential NULL pointer dereference
@ 2019-01-29 8:01 ` YueHaibing
0 siblings, 0 replies; 8+ messages in thread
From: YueHaibing @ 2019-01-29 8:01 UTC (permalink / raw)
To: tglx, jason, marc.zyngier, marc.w.gonzalez, mans
Cc: linux-kernel, linux-arm-kernel, YueHaibing
There is a potential NULL pointer dereference in case kzalloc()
fails and returns NULL.
Fixes: 4bba66899ac6 ("irqchip/tango: Add support for Sigma Designs SMP86xx/SMP87xx interrupt controller")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
---
drivers/irqchip/irq-tango.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/irqchip/irq-tango.c b/drivers/irqchip/irq-tango.c
index ae28d86..a63b828 100644
--- a/drivers/irqchip/irq-tango.c
+++ b/drivers/irqchip/irq-tango.c
@@ -191,6 +191,8 @@ static int __init tangox_irq_init(void __iomem *base, struct resource *baseres,
panic("%pOFn: failed to get address", node);
chip = kzalloc(sizeof(*chip), GFP_KERNEL);
+ if (!chip)
+ return -ENOMEM;
chip->ctl = res.start - baseres->start;
chip->base = base;
--
2.7.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH -next] irqchip/tango: Fix potential NULL pointer dereference
@ 2019-01-29 8:01 ` YueHaibing
0 siblings, 0 replies; 8+ messages in thread
From: YueHaibing @ 2019-01-29 8:01 UTC (permalink / raw)
To: tglx, jason, marc.zyngier, marc.w.gonzalez, mans
Cc: YueHaibing, linux-kernel, linux-arm-kernel
There is a potential NULL pointer dereference in case kzalloc()
fails and returns NULL.
Fixes: 4bba66899ac6 ("irqchip/tango: Add support for Sigma Designs SMP86xx/SMP87xx interrupt controller")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
---
drivers/irqchip/irq-tango.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/irqchip/irq-tango.c b/drivers/irqchip/irq-tango.c
index ae28d86..a63b828 100644
--- a/drivers/irqchip/irq-tango.c
+++ b/drivers/irqchip/irq-tango.c
@@ -191,6 +191,8 @@ static int __init tangox_irq_init(void __iomem *base, struct resource *baseres,
panic("%pOFn: failed to get address", node);
chip = kzalloc(sizeof(*chip), GFP_KERNEL);
+ if (!chip)
+ return -ENOMEM;
chip->ctl = res.start - baseres->start;
chip->base = base;
--
2.7.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH -next] irqchip/tango: Fix potential NULL pointer dereference
2019-01-29 8:01 ` YueHaibing
@ 2019-01-29 8:55 ` Marc Zyngier
-1 siblings, 0 replies; 8+ messages in thread
From: Marc Zyngier @ 2019-01-29 8:55 UTC (permalink / raw)
To: YueHaibing
Cc: tglx, jason, marc.w.gonzalez, mans, linux-kernel, linux-arm-kernel
On Tue, 29 Jan 2019 08:01:22 +0000,
YueHaibing <yuehaibing@huawei.com> wrote:
>
> There is a potential NULL pointer dereference in case kzalloc()
> fails and returns NULL.
>
> Fixes: 4bba66899ac6 ("irqchip/tango: Add support for Sigma Designs SMP86xx/SMP87xx interrupt controller")
> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
> ---
> drivers/irqchip/irq-tango.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/irqchip/irq-tango.c b/drivers/irqchip/irq-tango.c
> index ae28d86..a63b828 100644
> --- a/drivers/irqchip/irq-tango.c
> +++ b/drivers/irqchip/irq-tango.c
> @@ -191,6 +191,8 @@ static int __init tangox_irq_init(void __iomem *base, struct resource *baseres,
> panic("%pOFn: failed to get address", node);
>
> chip = kzalloc(sizeof(*chip), GFP_KERNEL);
> + if (!chip)
> + return -ENOMEM;
> chip->ctl = res.start - baseres->start;
> chip->base = base;
>
This is a commendable effort, but given that the whole error handling
of this driver is just to simply panic, I have the ugly feeling that
this lack of check is more a feature than a bug... Not that I like it,
but at least it is consistent.
If you're going to change that, I'd recommend you overhaul the whole
thing.
Thanks,
M.
--
Jazz is not dead, it just smell funny.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] irqchip/tango: Fix potential NULL pointer dereference
@ 2019-01-29 8:55 ` Marc Zyngier
0 siblings, 0 replies; 8+ messages in thread
From: Marc Zyngier @ 2019-01-29 8:55 UTC (permalink / raw)
To: YueHaibing
Cc: mans, jason, marc.w.gonzalez, linux-kernel, tglx, linux-arm-kernel
On Tue, 29 Jan 2019 08:01:22 +0000,
YueHaibing <yuehaibing@huawei.com> wrote:
>
> There is a potential NULL pointer dereference in case kzalloc()
> fails and returns NULL.
>
> Fixes: 4bba66899ac6 ("irqchip/tango: Add support for Sigma Designs SMP86xx/SMP87xx interrupt controller")
> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
> ---
> drivers/irqchip/irq-tango.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/irqchip/irq-tango.c b/drivers/irqchip/irq-tango.c
> index ae28d86..a63b828 100644
> --- a/drivers/irqchip/irq-tango.c
> +++ b/drivers/irqchip/irq-tango.c
> @@ -191,6 +191,8 @@ static int __init tangox_irq_init(void __iomem *base, struct resource *baseres,
> panic("%pOFn: failed to get address", node);
>
> chip = kzalloc(sizeof(*chip), GFP_KERNEL);
> + if (!chip)
> + return -ENOMEM;
> chip->ctl = res.start - baseres->start;
> chip->base = base;
>
This is a commendable effort, but given that the whole error handling
of this driver is just to simply panic, I have the ugly feeling that
this lack of check is more a feature than a bug... Not that I like it,
but at least it is consistent.
If you're going to change that, I'd recommend you overhaul the whole
thing.
Thanks,
M.
--
Jazz is not dead, it just smell funny.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] irqchip/tango: Fix potential NULL pointer dereference
2019-01-29 8:55 ` Marc Zyngier
@ 2019-01-29 12:20 ` Måns Rullgård
-1 siblings, 0 replies; 8+ messages in thread
From: Måns Rullgård @ 2019-01-29 12:20 UTC (permalink / raw)
To: Marc Zyngier
Cc: YueHaibing, tglx, jason, marc.w.gonzalez, linux-kernel, linux-arm-kernel
Marc Zyngier <marc.zyngier@arm.com> writes:
> On Tue, 29 Jan 2019 08:01:22 +0000,
> YueHaibing <yuehaibing@huawei.com> wrote:
>>
>> There is a potential NULL pointer dereference in case kzalloc()
>> fails and returns NULL.
>>
>> Fixes: 4bba66899ac6 ("irqchip/tango: Add support for Sigma Designs SMP86xx/SMP87xx interrupt controller")
>> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
>> ---
>> drivers/irqchip/irq-tango.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/irqchip/irq-tango.c b/drivers/irqchip/irq-tango.c
>> index ae28d86..a63b828 100644
>> --- a/drivers/irqchip/irq-tango.c
>> +++ b/drivers/irqchip/irq-tango.c
>> @@ -191,6 +191,8 @@ static int __init tangox_irq_init(void __iomem *base, struct resource *baseres,
>> panic("%pOFn: failed to get address", node);
>>
>> chip = kzalloc(sizeof(*chip), GFP_KERNEL);
>> + if (!chip)
>> + return -ENOMEM;
>> chip->ctl = res.start - baseres->start;
>> chip->base = base;
>>
>
> This is a commendable effort, but given that the whole error handling
> of this driver is just to simply panic, I have the ugly feeling that
> this lack of check is more a feature than a bug... Not that I like it,
> but at least it is consistent.
That seemed to be the norm for irqchip drivers when I wrote this one,
and a fair number of them still panic on errors during init. There's
really not much else that can sanely be done since nothing will work
without irq handling.
As for the error return added by this patch, nothing checks it, so a
failure would merely result in the irqchip being silently skipped and
nothing working. Propagating the error back to of_irq_init() also has
no effect, not even a warning. Besides, kzalloc() is extremely unlikely
to fail at this stage, and if it does, you have much bigger problems.
--
Måns Rullgård
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] irqchip/tango: Fix potential NULL pointer dereference
@ 2019-01-29 12:20 ` Måns Rullgård
0 siblings, 0 replies; 8+ messages in thread
From: Måns Rullgård @ 2019-01-29 12:20 UTC (permalink / raw)
To: Marc Zyngier
Cc: jason, marc.w.gonzalez, YueHaibing, linux-kernel, tglx, linux-arm-kernel
Marc Zyngier <marc.zyngier@arm.com> writes:
> On Tue, 29 Jan 2019 08:01:22 +0000,
> YueHaibing <yuehaibing@huawei.com> wrote:
>>
>> There is a potential NULL pointer dereference in case kzalloc()
>> fails and returns NULL.
>>
>> Fixes: 4bba66899ac6 ("irqchip/tango: Add support for Sigma Designs SMP86xx/SMP87xx interrupt controller")
>> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
>> ---
>> drivers/irqchip/irq-tango.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/irqchip/irq-tango.c b/drivers/irqchip/irq-tango.c
>> index ae28d86..a63b828 100644
>> --- a/drivers/irqchip/irq-tango.c
>> +++ b/drivers/irqchip/irq-tango.c
>> @@ -191,6 +191,8 @@ static int __init tangox_irq_init(void __iomem *base, struct resource *baseres,
>> panic("%pOFn: failed to get address", node);
>>
>> chip = kzalloc(sizeof(*chip), GFP_KERNEL);
>> + if (!chip)
>> + return -ENOMEM;
>> chip->ctl = res.start - baseres->start;
>> chip->base = base;
>>
>
> This is a commendable effort, but given that the whole error handling
> of this driver is just to simply panic, I have the ugly feeling that
> this lack of check is more a feature than a bug... Not that I like it,
> but at least it is consistent.
That seemed to be the norm for irqchip drivers when I wrote this one,
and a fair number of them still panic on errors during init. There's
really not much else that can sanely be done since nothing will work
without irq handling.
As for the error return added by this patch, nothing checks it, so a
failure would merely result in the irqchip being silently skipped and
nothing working. Propagating the error back to of_irq_init() also has
no effect, not even a warning. Besides, kzalloc() is extremely unlikely
to fail at this stage, and if it does, you have much bigger problems.
--
Måns Rullgård
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] irqchip/tango: Fix potential NULL pointer dereference
2019-01-29 12:20 ` Måns Rullgård
@ 2019-01-30 6:25 ` YueHaibing
-1 siblings, 0 replies; 8+ messages in thread
From: YueHaibing @ 2019-01-30 6:25 UTC (permalink / raw)
To: Måns Rullgård, Marc Zyngier
Cc: tglx, jason, marc.w.gonzalez, linux-kernel, linux-arm-kernel
On 2019/1/29 20:20, Måns Rullgård wrote:
> Marc Zyngier <marc.zyngier@arm.com> writes:
>
>> On Tue, 29 Jan 2019 08:01:22 +0000,
>> YueHaibing <yuehaibing@huawei.com> wrote:
>>>
>>> There is a potential NULL pointer dereference in case kzalloc()
>>> fails and returns NULL.
>>>
>>> Fixes: 4bba66899ac6 ("irqchip/tango: Add support for Sigma Designs SMP86xx/SMP87xx interrupt controller")
>>> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
>>> ---
>>> drivers/irqchip/irq-tango.c | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/drivers/irqchip/irq-tango.c b/drivers/irqchip/irq-tango.c
>>> index ae28d86..a63b828 100644
>>> --- a/drivers/irqchip/irq-tango.c
>>> +++ b/drivers/irqchip/irq-tango.c
>>> @@ -191,6 +191,8 @@ static int __init tangox_irq_init(void __iomem *base, struct resource *baseres,
>>> panic("%pOFn: failed to get address", node);
>>>
>>> chip = kzalloc(sizeof(*chip), GFP_KERNEL);
>>> + if (!chip)
>>> + return -ENOMEM;
>>> chip->ctl = res.start - baseres->start;
>>> chip->base = base;
>>>
>>
>> This is a commendable effort, but given that the whole error handling
>> of this driver is just to simply panic, I have the ugly feeling that
>> this lack of check is more a feature than a bug... Not that I like it,
>> but at least it is consistent.
>
> That seemed to be the norm for irqchip drivers when I wrote this one,
> and a fair number of them still panic on errors during init. There's
> really not much else that can sanely be done since nothing will work
> without irq handling.
>
> As for the error return added by this patch, nothing checks it, so a
> failure would merely result in the irqchip being silently skipped and
> nothing working. Propagating the error back to of_irq_init() also has
> no effect, not even a warning. Besides, kzalloc() is extremely unlikely
> to fail at this stage, and if it does, you have much bigger problems.
Thanks for your comment.
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] irqchip/tango: Fix potential NULL pointer dereference
@ 2019-01-30 6:25 ` YueHaibing
0 siblings, 0 replies; 8+ messages in thread
From: YueHaibing @ 2019-01-30 6:25 UTC (permalink / raw)
To: Måns Rullgård, Marc Zyngier
Cc: linux-kernel, tglx, jason, linux-arm-kernel, marc.w.gonzalez
On 2019/1/29 20:20, Måns Rullgård wrote:
> Marc Zyngier <marc.zyngier@arm.com> writes:
>
>> On Tue, 29 Jan 2019 08:01:22 +0000,
>> YueHaibing <yuehaibing@huawei.com> wrote:
>>>
>>> There is a potential NULL pointer dereference in case kzalloc()
>>> fails and returns NULL.
>>>
>>> Fixes: 4bba66899ac6 ("irqchip/tango: Add support for Sigma Designs SMP86xx/SMP87xx interrupt controller")
>>> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
>>> ---
>>> drivers/irqchip/irq-tango.c | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/drivers/irqchip/irq-tango.c b/drivers/irqchip/irq-tango.c
>>> index ae28d86..a63b828 100644
>>> --- a/drivers/irqchip/irq-tango.c
>>> +++ b/drivers/irqchip/irq-tango.c
>>> @@ -191,6 +191,8 @@ static int __init tangox_irq_init(void __iomem *base, struct resource *baseres,
>>> panic("%pOFn: failed to get address", node);
>>>
>>> chip = kzalloc(sizeof(*chip), GFP_KERNEL);
>>> + if (!chip)
>>> + return -ENOMEM;
>>> chip->ctl = res.start - baseres->start;
>>> chip->base = base;
>>>
>>
>> This is a commendable effort, but given that the whole error handling
>> of this driver is just to simply panic, I have the ugly feeling that
>> this lack of check is more a feature than a bug... Not that I like it,
>> but at least it is consistent.
>
> That seemed to be the norm for irqchip drivers when I wrote this one,
> and a fair number of them still panic on errors during init. There's
> really not much else that can sanely be done since nothing will work
> without irq handling.
>
> As for the error return added by this patch, nothing checks it, so a
> failure would merely result in the irqchip being silently skipped and
> nothing working. Propagating the error back to of_irq_init() also has
> no effect, not even a warning. Besides, kzalloc() is extremely unlikely
> to fail at this stage, and if it does, you have much bigger problems.
Thanks for your comment.
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-01-30 6:25 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-29 8:01 [PATCH -next] irqchip/tango: Fix potential NULL pointer dereference YueHaibing
2019-01-29 8:01 ` YueHaibing
2019-01-29 8:55 ` Marc Zyngier
2019-01-29 8:55 ` Marc Zyngier
2019-01-29 12:20 ` Måns Rullgård
2019-01-29 12:20 ` Måns Rullgård
2019-01-30 6:25 ` YueHaibing
2019-01-30 6:25 ` YueHaibing
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.