* [PATCH] backlight: pcf50633: pdata may be a null pointer, null pointer dereference cause crash
@ 2021-02-01 14:41 ` Wenjia Zhao
0 siblings, 0 replies; 9+ messages in thread
From: Wenjia Zhao @ 2021-02-01 14:41 UTC (permalink / raw)
Cc: driverfuzzing, Lee Jones, Daniel Thompson, Jingoo Han,
Bartlomiej Zolnierkiewicz, dri-devel, linux-fbdev, linux-kernel
Signed-off-by: Wenjia Zhao <driverfuzzing@gmail.com>
---
drivers/video/backlight/pcf50633-backlight.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/video/backlight/pcf50633-backlight.c b/drivers/video/backlight/pcf50633-backlight.c
index 540dd338..43267af 100644
--- a/drivers/video/backlight/pcf50633-backlight.c
+++ b/drivers/video/backlight/pcf50633-backlight.c
@@ -127,7 +127,8 @@ static int pcf50633_bl_probe(struct platform_device *pdev)
platform_set_drvdata(pdev, pcf_bl);
- pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
+ if (pdata)
+ pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
/*
* Should be different from bl_props.brightness, so we do not exit
--
2.7.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH] backlight: pcf50633: pdata may be a null pointer, null pointer dereference cause crash
@ 2021-02-01 14:41 ` Wenjia Zhao
0 siblings, 0 replies; 9+ messages in thread
From: Wenjia Zhao @ 2021-02-01 14:41 UTC (permalink / raw)
Cc: Daniel Thompson, driverfuzzing, Bartlomiej Zolnierkiewicz,
Jingoo Han, linux-fbdev, dri-devel, linux-kernel, Lee Jones
Signed-off-by: Wenjia Zhao <driverfuzzing@gmail.com>
---
drivers/video/backlight/pcf50633-backlight.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/video/backlight/pcf50633-backlight.c b/drivers/video/backlight/pcf50633-backlight.c
index 540dd338..43267af 100644
--- a/drivers/video/backlight/pcf50633-backlight.c
+++ b/drivers/video/backlight/pcf50633-backlight.c
@@ -127,7 +127,8 @@ static int pcf50633_bl_probe(struct platform_device *pdev)
platform_set_drvdata(pdev, pcf_bl);
- pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
+ if (pdata)
+ pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
/*
* Should be different from bl_props.brightness, so we do not exit
--
2.7.4
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] backlight: pcf50633: pdata may be a null pointer, null pointer dereference cause crash
2021-02-01 14:41 ` Wenjia Zhao
@ 2021-02-02 8:28 ` Lee Jones
-1 siblings, 0 replies; 9+ messages in thread
From: Lee Jones @ 2021-02-02 8:28 UTC (permalink / raw)
To: Wenjia Zhao
Cc: Daniel Thompson, Jingoo Han, Bartlomiej Zolnierkiewicz,
dri-devel, linux-fbdev, linux-kernel
On Mon, 01 Feb 2021, Wenjia Zhao wrote:
Please provide a suitable commit messages.
Describe the problem.
Describe the issue was found.
Describe the solution.
> Signed-off-by: Wenjia Zhao <driverfuzzing@gmail.com>
> ---
> drivers/video/backlight/pcf50633-backlight.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/video/backlight/pcf50633-backlight.c b/drivers/video/backlight/pcf50633-backlight.c
> index 540dd338..43267af 100644
> --- a/drivers/video/backlight/pcf50633-backlight.c
> +++ b/drivers/video/backlight/pcf50633-backlight.c
> @@ -127,7 +127,8 @@ static int pcf50633_bl_probe(struct platform_device *pdev)
>
> platform_set_drvdata(pdev, pcf_bl);
>
> - pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
> + if (pdata)
> + pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
A tab should be 8 chars in Linux.
> /*
> * Should be different from bl_props.brightness, so we do not exit
--
Lee Jones [李琼斯]
Senior Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] backlight: pcf50633: pdata may be a null pointer, null pointer dereference cause crash
@ 2021-02-02 8:28 ` Lee Jones
0 siblings, 0 replies; 9+ messages in thread
From: Lee Jones @ 2021-02-02 8:28 UTC (permalink / raw)
To: Wenjia Zhao
Cc: Daniel Thompson, Bartlomiej Zolnierkiewicz, Jingoo Han,
linux-kernel, dri-devel, linux-fbdev
On Mon, 01 Feb 2021, Wenjia Zhao wrote:
Please provide a suitable commit messages.
Describe the problem.
Describe the issue was found.
Describe the solution.
> Signed-off-by: Wenjia Zhao <driverfuzzing@gmail.com>
> ---
> drivers/video/backlight/pcf50633-backlight.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/video/backlight/pcf50633-backlight.c b/drivers/video/backlight/pcf50633-backlight.c
> index 540dd338..43267af 100644
> --- a/drivers/video/backlight/pcf50633-backlight.c
> +++ b/drivers/video/backlight/pcf50633-backlight.c
> @@ -127,7 +127,8 @@ static int pcf50633_bl_probe(struct platform_device *pdev)
>
> platform_set_drvdata(pdev, pcf_bl);
>
> - pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
> + if (pdata)
> + pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
A tab should be 8 chars in Linux.
> /*
> * Should be different from bl_props.brightness, so we do not exit
--
Lee Jones [李琼斯]
Senior Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] backlight: pcf50633: pdata may be a null pointer, null pointer dereference cause crash
2021-02-01 14:41 ` Wenjia Zhao
@ 2021-02-02 9:25 ` Daniel Thompson
-1 siblings, 0 replies; 9+ messages in thread
From: Daniel Thompson @ 2021-02-02 9:25 UTC (permalink / raw)
To: Wenjia Zhao
Cc: Lee Jones, Jingoo Han, Bartlomiej Zolnierkiewicz, dri-devel,
linux-fbdev, linux-kernel
On Mon, Feb 01, 2021 at 08:41:38AM -0600, Wenjia Zhao wrote:
> Signed-off-by: Wenjia Zhao <driverfuzzing@gmail.com>
There should be a patch description here explaining why the patch
is needed and how it works.
> ---
> drivers/video/backlight/pcf50633-backlight.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/video/backlight/pcf50633-backlight.c b/drivers/video/backlight/pcf50633-backlight.c
> index 540dd338..43267af 100644
> --- a/drivers/video/backlight/pcf50633-backlight.c
> +++ b/drivers/video/backlight/pcf50633-backlight.c
> @@ -127,7 +127,8 @@ static int pcf50633_bl_probe(struct platform_device *pdev)
>
> platform_set_drvdata(pdev, pcf_bl);
>
> - pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
> + if (pdata)
> + pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
Assuming you found this issue using a static analyzer then I think it
might be better to if an "if (!pdata) return -EINVAL" further up the
file instead.
In other words it is better to "document" (via the return code) that the
code does not support pdata == NULL than to add another untested code
path.
Daniel.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] backlight: pcf50633: pdata may be a null pointer, null pointer dereference cause crash
@ 2021-02-02 9:25 ` Daniel Thompson
0 siblings, 0 replies; 9+ messages in thread
From: Daniel Thompson @ 2021-02-02 9:25 UTC (permalink / raw)
To: Wenjia Zhao
Cc: linux-fbdev, Bartlomiej Zolnierkiewicz, Jingoo Han, linux-kernel,
dri-devel, Lee Jones
On Mon, Feb 01, 2021 at 08:41:38AM -0600, Wenjia Zhao wrote:
> Signed-off-by: Wenjia Zhao <driverfuzzing@gmail.com>
There should be a patch description here explaining why the patch
is needed and how it works.
> ---
> drivers/video/backlight/pcf50633-backlight.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/video/backlight/pcf50633-backlight.c b/drivers/video/backlight/pcf50633-backlight.c
> index 540dd338..43267af 100644
> --- a/drivers/video/backlight/pcf50633-backlight.c
> +++ b/drivers/video/backlight/pcf50633-backlight.c
> @@ -127,7 +127,8 @@ static int pcf50633_bl_probe(struct platform_device *pdev)
>
> platform_set_drvdata(pdev, pcf_bl);
>
> - pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
> + if (pdata)
> + pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
Assuming you found this issue using a static analyzer then I think it
might be better to if an "if (!pdata) return -EINVAL" further up the
file instead.
In other words it is better to "document" (via the return code) that the
code does not support pdata == NULL than to add another untested code
path.
Daniel.
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] backlight: pcf50633: pdata may be a null pointer, null pointer dereference cause crash
2021-02-02 9:25 ` Daniel Thompson
(?)
@ 2021-02-02 21:25 ` FUZZ DR
2021-02-03 11:42 ` Daniel Thompson
-1 siblings, 1 reply; 9+ messages in thread
From: FUZZ DR @ 2021-02-02 21:25 UTC (permalink / raw)
To: Daniel Thompson
Cc: linux-fbdev, Bartlomiej Zolnierkiewicz, Jingoo Han, linux-kernel,
dri-devel, Lee Jones
[-- Attachment #1.1: Type: text/plain, Size: 2785 bytes --]
Sorry about the missing description, I have a description at my local
commit. But the commit description disappeared when I used git send-email
to submit this patch.
backlight: pcf50633: pdata may be a null pointer, null pointer dereference
causes crash
pdata has been checked at line 120 before dereference. However, it is used
without check at line 130. So just add the check,
Signed-off-by: Wenjia Zhao <driverfuzzing@gmail.com>
---
drivers/video/backlight/pcf50633-backlight.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/video/backlight/pcf50633-backlight.c
b/drivers/video/backlight/pcf50633-backlight.c
index 540dd338..43267af 100644
--- a/drivers/video/backlight/pcf50633-backlight.c
+++ b/drivers/video/backlight/pcf50633-backlight.c
@@ -127,7 +127,8 @@ static int pcf50633_bl_probe(struct platform_device
*pdev)
platform_set_drvdata(pdev, pcf_bl);
- pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM,
pdata->ramp_time);
+ if (pdata)
+ pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM, pdata->ramp_time);
/*
* Should be different from bl_props.brightness, so we do not exit
--
It is better to write a default value to the register if the ramp_time has
a default value. Then it does not need to return -EINVAL. It will keep
consistent with the behavior at line 120.
Daniel Thompson <daniel.thompson@linaro.org> 于2021年2月2日周二 上午3:25写道:
> On Mon, Feb 01, 2021 at 08:41:38AM -0600, Wenjia Zhao wrote:
> > Signed-off-by: Wenjia Zhao <driverfuzzing@gmail.com>
>
> There should be a patch description here explaining why the patch
> is needed and how it works.
>
>
> > ---
> > drivers/video/backlight/pcf50633-backlight.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/video/backlight/pcf50633-backlight.c
> b/drivers/video/backlight/pcf50633-backlight.c
> > index 540dd338..43267af 100644
> > --- a/drivers/video/backlight/pcf50633-backlight.c
> > +++ b/drivers/video/backlight/pcf50633-backlight.c
> > @@ -127,7 +127,8 @@ static int pcf50633_bl_probe(struct platform_device
> *pdev)
> >
> > platform_set_drvdata(pdev, pcf_bl);
> >
> > - pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM,
> pdata->ramp_time);
> > + if (pdata)
> > + pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM,
> pdata->ramp_time);
>
> Assuming you found this issue using a static analyzer then I think it
> might be better to if an "if (!pdata) return -EINVAL" further up the
> file instead.
>
> In other words it is better to "document" (via the return code) that the
> code does not support pdata == NULL than to add another untested code
> path.
>
>
> Daniel.
>
[-- Attachment #1.2: Type: text/html, Size: 3551 bytes --]
[-- Attachment #2: Type: text/plain, Size: 160 bytes --]
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] backlight: pcf50633: pdata may be a null pointer, null pointer dereference cause crash
2021-02-02 21:25 ` FUZZ DR
@ 2021-02-03 11:42 ` Daniel Thompson
0 siblings, 0 replies; 9+ messages in thread
From: Daniel Thompson @ 2021-02-03 11:42 UTC (permalink / raw)
To: FUZZ DR
Cc: Lee Jones, Jingoo Han, Bartlomiej Zolnierkiewicz, dri-devel,
linux-fbdev, linux-kernel
On Tue, Feb 02, 2021 at 03:25:49PM -0600, FUZZ DR wrote:
> Sorry about the missing description, I have a description at my local
> commit. But the commit description disappeared when I used git send-email
> to submit this patch.
>
> backlight: pcf50633: pdata may be a null pointer, null pointer dereference
> causes crash
> pdata has been checked at line 120 before dereference. However, it is used
> without check at line 130. So just add the check,
To be clear what your analyzer is reporting is a mismatch of programmer
intent.
In line 120 suggests a belief that pdata could be NULL whilst line 130
suggests a belief that pdata is never NULL. Your analyzer cannot not tell
you which belief is incorrect, only that there is a mismatch.
> It is better to write a default value to the register if the ramp_time has
> a default value. Then it does not need to return -EINVAL. It will keep
> consistent with the behavior at line 120.
I disagree.
You have assumed that line 120 is correct and that this code needs to
support the case where pdata is NULL. However eleven years of history
disprove this! This code is never called without valid platform data.
Therefore we should fix the assumption on line 120 by making it clear
that this code code expects non-NULL platform data. Given there are
developers working to eliminate this kind of platform data structure
(by adopting device properties instead) I don't want to make their
life harder by implementing unused and untested special cases that
they would have to reason about.
Daniel.
>
> Daniel Thompson <daniel.thompson@linaro.org> 于2021年2月2日周二 上午3:25写道:
>
> > On Mon, Feb 01, 2021 at 08:41:38AM -0600, Wenjia Zhao wrote:
> > > Signed-off-by: Wenjia Zhao <driverfuzzing@gmail.com>
> >
> > There should be a patch description here explaining why the patch
> > is needed and how it works.
> >
> >
> > > ---
> > > drivers/video/backlight/pcf50633-backlight.c | 3 ++-
> > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/video/backlight/pcf50633-backlight.c
> > b/drivers/video/backlight/pcf50633-backlight.c
> > > index 540dd338..43267af 100644
> > > --- a/drivers/video/backlight/pcf50633-backlight.c
> > > +++ b/drivers/video/backlight/pcf50633-backlight.c
> > > @@ -127,7 +127,8 @@ static int pcf50633_bl_probe(struct platform_device
> > *pdev)
> > >
> > > platform_set_drvdata(pdev, pcf_bl);
> > >
> > > - pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM,
> > pdata->ramp_time);
> > > + if (pdata)
> > > + pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM,
> > pdata->ramp_time);
> >
> > Assuming you found this issue using a static analyzer then I think it
> > might be better to if an "if (!pdata) return -EINVAL" further up the
> > file instead.
> >
> > In other words it is better to "document" (via the return code) that the
> > code does not support pdata == NULL than to add another untested code
> > path.
> >
> >
> > Daniel.
> >
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] backlight: pcf50633: pdata may be a null pointer, null pointer dereference cause crash
@ 2021-02-03 11:42 ` Daniel Thompson
0 siblings, 0 replies; 9+ messages in thread
From: Daniel Thompson @ 2021-02-03 11:42 UTC (permalink / raw)
To: FUZZ DR
Cc: linux-fbdev, Bartlomiej Zolnierkiewicz, Jingoo Han, linux-kernel,
dri-devel, Lee Jones
On Tue, Feb 02, 2021 at 03:25:49PM -0600, FUZZ DR wrote:
> Sorry about the missing description, I have a description at my local
> commit. But the commit description disappeared when I used git send-email
> to submit this patch.
>
> backlight: pcf50633: pdata may be a null pointer, null pointer dereference
> causes crash
> pdata has been checked at line 120 before dereference. However, it is used
> without check at line 130. So just add the check,
To be clear what your analyzer is reporting is a mismatch of programmer
intent.
In line 120 suggests a belief that pdata could be NULL whilst line 130
suggests a belief that pdata is never NULL. Your analyzer cannot not tell
you which belief is incorrect, only that there is a mismatch.
> It is better to write a default value to the register if the ramp_time has
> a default value. Then it does not need to return -EINVAL. It will keep
> consistent with the behavior at line 120.
I disagree.
You have assumed that line 120 is correct and that this code needs to
support the case where pdata is NULL. However eleven years of history
disprove this! This code is never called without valid platform data.
Therefore we should fix the assumption on line 120 by making it clear
that this code code expects non-NULL platform data. Given there are
developers working to eliminate this kind of platform data structure
(by adopting device properties instead) I don't want to make their
life harder by implementing unused and untested special cases that
they would have to reason about.
Daniel.
>
> Daniel Thompson <daniel.thompson@linaro.org> 于2021年2月2日周二 上午3:25写道:
>
> > On Mon, Feb 01, 2021 at 08:41:38AM -0600, Wenjia Zhao wrote:
> > > Signed-off-by: Wenjia Zhao <driverfuzzing@gmail.com>
> >
> > There should be a patch description here explaining why the patch
> > is needed and how it works.
> >
> >
> > > ---
> > > drivers/video/backlight/pcf50633-backlight.c | 3 ++-
> > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/video/backlight/pcf50633-backlight.c
> > b/drivers/video/backlight/pcf50633-backlight.c
> > > index 540dd338..43267af 100644
> > > --- a/drivers/video/backlight/pcf50633-backlight.c
> > > +++ b/drivers/video/backlight/pcf50633-backlight.c
> > > @@ -127,7 +127,8 @@ static int pcf50633_bl_probe(struct platform_device
> > *pdev)
> > >
> > > platform_set_drvdata(pdev, pcf_bl);
> > >
> > > - pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM,
> > pdata->ramp_time);
> > > + if (pdata)
> > > + pcf50633_reg_write(pcf_bl->pcf, PCF50633_REG_LEDDIM,
> > pdata->ramp_time);
> >
> > Assuming you found this issue using a static analyzer then I think it
> > might be better to if an "if (!pdata) return -EINVAL" further up the
> > file instead.
> >
> > In other words it is better to "document" (via the return code) that the
> > code does not support pdata == NULL than to add another untested code
> > path.
> >
> >
> > Daniel.
> >
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2021-02-03 11:43 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-01 14:41 [PATCH] backlight: pcf50633: pdata may be a null pointer, null pointer dereference cause crash Wenjia Zhao
2021-02-01 14:41 ` Wenjia Zhao
2021-02-02 8:28 ` Lee Jones
2021-02-02 8:28 ` Lee Jones
2021-02-02 9:25 ` Daniel Thompson
2021-02-02 9:25 ` Daniel Thompson
2021-02-02 21:25 ` FUZZ DR
2021-02-03 11:42 ` Daniel Thompson
2021-02-03 11:42 ` Daniel Thompson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.