All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 1/3] gpio: 74xx: fix a possible NULL dereference
@ 2015-11-11 20:27 LABBE Corentin
  2015-11-11 20:27 ` [PATCH 2/3] gpio: syscon: " LABBE Corentin
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: LABBE Corentin @ 2015-11-11 20:27 UTC (permalink / raw)
  To: gnurou, linus.walleij; +Cc: LABBE Corentin, linux-gpio, linux-kernel

of_match_device could return NULL, and so cause a NULL pointer
dereference later at line 132:
priv->flags = (uintptr_t) of_id->data;

Reported-by: coverity (CID 1324141)
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/gpio/gpio-74xx-mmio.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/gpio/gpio-74xx-mmio.c b/drivers/gpio/gpio-74xx-mmio.c
index 6ed7c0f..6b18682 100644
--- a/drivers/gpio/gpio-74xx-mmio.c
+++ b/drivers/gpio/gpio-74xx-mmio.c
@@ -113,13 +113,16 @@ static int mmio_74xx_dir_out(struct gpio_chip *gc, unsigned int gpio, int val)
 
 static int mmio_74xx_gpio_probe(struct platform_device *pdev)
 {
-	const struct of_device_id *of_id =
-		of_match_device(mmio_74xx_gpio_ids, &pdev->dev);
+	const struct of_device_id *of_id;
 	struct mmio_74xx_gpio_priv *priv;
 	struct resource *res;
 	void __iomem *dat;
 	int err;
 
+	of_id = of_match_device(mmio_74xx_gpio_ids, &pdev->dev);
+	if (!of_id)
+		return -ENODEV;
+
 	priv = devm_kzalloc(&pdev->dev, sizeof(*priv), GFP_KERNEL);
 	if (!priv)
 		return -ENOMEM;
-- 
2.4.10


^ permalink raw reply related	[flat|nested] 8+ messages in thread
* [PATCH 2/3] gpio: syscon: fix a possible NULL dereference
  2015-11-11 20:27 [PATCH 1/3] gpio: 74xx: fix a possible NULL dereference LABBE Corentin
@ 2015-11-11 20:27 ` LABBE Corentin
  2015-11-17 13:39   ` Linus Walleij
  2015-11-11 20:27 ` [PATCH 3/3] gpio: palmas: " LABBE Corentin
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 8+ messages in thread
From: LABBE Corentin @ 2015-11-11 20:27 UTC (permalink / raw)
  To: gnurou, linus.walleij; +Cc: LABBE Corentin, linux-gpio, linux-kernel

of_match_device could return NULL, and so cause a NULL pointer
dereference later at line 199:
priv->flags = of_id->data;

Reported-by: coverity (CID 1324140)
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/gpio/gpio-syscon.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/gpio/gpio-syscon.c b/drivers/gpio/gpio-syscon.c
index 045a952..7b25fdf 100644
--- a/drivers/gpio/gpio-syscon.c
+++ b/drivers/gpio/gpio-syscon.c
@@ -187,11 +187,15 @@ MODULE_DEVICE_TABLE(of, syscon_gpio_ids);
 static int syscon_gpio_probe(struct platform_device *pdev)
 {
 	struct device *dev = &pdev->dev;
-	const struct of_device_id *of_id = of_match_device(syscon_gpio_ids, dev);
+	const struct of_device_id *of_id;
 	struct syscon_gpio_priv *priv;
 	struct device_node *np = dev->of_node;
 	int ret;
 
+	of_id = of_match_device(syscon_gpio_ids, dev);
+	if (!of_id)
+		return -ENODEV;
+
 	priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
 	if (!priv)
 		return -ENOMEM;
-- 
2.4.10

^ permalink raw reply related	[flat|nested] 8+ messages in thread
* [PATCH 3/3] gpio: palmas: fix a possible NULL dereference
  2015-11-11 20:27 [PATCH 1/3] gpio: 74xx: fix a possible NULL dereference LABBE Corentin
  2015-11-11 20:27 ` [PATCH 2/3] gpio: syscon: " LABBE Corentin
@ 2015-11-11 20:27 ` LABBE Corentin
  2015-11-17 13:41   ` Linus Walleij
  2015-11-17 13:37 ` [PATCH 1/3] gpio: 74xx: " Linus Walleij
  2015-11-20  9:22 ` Geert Uytterhoeven
  3 siblings, 1 reply; 8+ messages in thread
From: LABBE Corentin @ 2015-11-11 20:27 UTC (permalink / raw)
  To: gnurou, linus.walleij; +Cc: LABBE Corentin, linux-gpio, linux-kernel

of_match_device could return NULL, and so cause a NULL pointer
dereference later.

Reported-by: coverity (CID 1130700)
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/gpio/gpio-palmas.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpio/gpio-palmas.c b/drivers/gpio/gpio-palmas.c
index 171a638..52b447c 100644
--- a/drivers/gpio/gpio-palmas.c
+++ b/drivers/gpio/gpio-palmas.c
@@ -167,6 +167,8 @@ static int palmas_gpio_probe(struct platform_device *pdev)
 	const struct palmas_device_data *dev_data;
 
 	match = of_match_device(of_palmas_gpio_match, &pdev->dev);
+	if (!match)
+		return -ENODEV;
 	dev_data = match->data;
 	if (!dev_data)
 		dev_data = &palmas_dev_data;
-- 
2.4.10


^ permalink raw reply related	[flat|nested] 8+ messages in thread
* Re: [PATCH 1/3] gpio: 74xx: fix a possible NULL dereference
  2015-11-11 20:27 [PATCH 1/3] gpio: 74xx: fix a possible NULL dereference LABBE Corentin
  2015-11-11 20:27 ` [PATCH 2/3] gpio: syscon: " LABBE Corentin
  2015-11-11 20:27 ` [PATCH 3/3] gpio: palmas: " LABBE Corentin
@ 2015-11-17 13:37 ` Linus Walleij
  2015-11-20  9:22 ` Geert Uytterhoeven
  3 siblings, 0 replies; 8+ messages in thread
From: Linus Walleij @ 2015-11-17 13:37 UTC (permalink / raw)
  To: LABBE Corentin; +Cc: Alexandre Courbot, linux-gpio, linux-kernel

On Wed, Nov 11, 2015 at 9:27 PM, LABBE Corentin
<clabbe.montjoie@gmail.com> wrote:

> of_match_device could return NULL, and so cause a NULL pointer
> dereference later at line 132:
> priv->flags = (uintptr_t) of_id->data;
>
> Reported-by: coverity (CID 1324141)
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>

Patch applied.

Yours,
Linus Walleij

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH 2/3] gpio: syscon: fix a possible NULL dereference
  2015-11-11 20:27 ` [PATCH 2/3] gpio: syscon: " LABBE Corentin
@ 2015-11-17 13:39   ` Linus Walleij
  0 siblings, 0 replies; 8+ messages in thread
From: Linus Walleij @ 2015-11-17 13:39 UTC (permalink / raw)
  To: LABBE Corentin; +Cc: Alexandre Courbot, linux-gpio, linux-kernel

On Wed, Nov 11, 2015 at 9:27 PM, LABBE Corentin
<clabbe.montjoie@gmail.com> wrote:

> of_match_device could return NULL, and so cause a NULL pointer
> dereference later at line 199:
> priv->flags = of_id->data;
>
> Reported-by: coverity (CID 1324140)
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>

Took out the previously applied version and applied this instead.

Yours,
Linus Walleij

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH 3/3] gpio: palmas: fix a possible NULL dereference
  2015-11-11 20:27 ` [PATCH 3/3] gpio: palmas: " LABBE Corentin
@ 2015-11-17 13:41   ` Linus Walleij
  0 siblings, 0 replies; 8+ messages in thread
From: Linus Walleij @ 2015-11-17 13:41 UTC (permalink / raw)
  To: LABBE Corentin; +Cc: Alexandre Courbot, linux-gpio, linux-kernel

On Wed, Nov 11, 2015 at 9:27 PM, LABBE Corentin
<clabbe.montjoie@gmail.com> wrote:

> of_match_device could return NULL, and so cause a NULL pointer
> dereference later.
>
> Reported-by: coverity (CID 1130700)
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>

Patch applied.

ALl of these seem pretty academic, as the match table is likely
the same that causes the device core to call probe() in the
first place. But whatever.

Yours,
Linus Walleij

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH 1/3] gpio: 74xx: fix a possible NULL dereference
  2015-11-11 20:27 [PATCH 1/3] gpio: 74xx: fix a possible NULL dereference LABBE Corentin
                   ` (2 preceding siblings ...)
  2015-11-17 13:37 ` [PATCH 1/3] gpio: 74xx: " Linus Walleij
@ 2015-11-20  9:22 ` Geert Uytterhoeven
  2015-11-30 12:08   ` Linus Walleij
  3 siblings, 1 reply; 8+ messages in thread
From: Geert Uytterhoeven @ 2015-11-20  9:22 UTC (permalink / raw)
  To: LABBE Corentin; +Cc: Alexandre Courbot, Linus Walleij, linux-gpio, linux-kernel

On Wed, Nov 11, 2015 at 9:27 PM, LABBE Corentin
<clabbe.montjoie@gmail.com> wrote:
> of_match_device could return NULL, and so cause a NULL pointer
> dereference later at line 132:
> priv->flags = (uintptr_t) of_id->data;
>
> Reported-by: coverity (CID 1324141)

This is a DT-only driver, hence this cannot happen?

> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
> ---
>  drivers/gpio/gpio-74xx-mmio.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpio/gpio-74xx-mmio.c b/drivers/gpio/gpio-74xx-mmio.c
> index 6ed7c0f..6b18682 100644
> --- a/drivers/gpio/gpio-74xx-mmio.c
> +++ b/drivers/gpio/gpio-74xx-mmio.c
> @@ -113,13 +113,16 @@ static int mmio_74xx_dir_out(struct gpio_chip *gc, unsigned int gpio, int val)
>
>  static int mmio_74xx_gpio_probe(struct platform_device *pdev)
>  {
> -       const struct of_device_id *of_id =
> -               of_match_device(mmio_74xx_gpio_ids, &pdev->dev);
> +       const struct of_device_id *of_id;
>         struct mmio_74xx_gpio_priv *priv;
>         struct resource *res;
>         void __iomem *dat;
>         int err;
>
> +       of_id = of_match_device(mmio_74xx_gpio_ids, &pdev->dev);
> +       if (!of_id)
> +               return -ENODEV;
> +
>         priv = devm_kzalloc(&pdev->dev, sizeof(*priv), GFP_KERNEL);
>         if (!priv)
>                 return -ENOMEM;

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH 1/3] gpio: 74xx: fix a possible NULL dereference
  2015-11-20  9:22 ` Geert Uytterhoeven
@ 2015-11-30 12:08   ` Linus Walleij
  0 siblings, 0 replies; 8+ messages in thread
From: Linus Walleij @ 2015-11-30 12:08 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: LABBE Corentin, Alexandre Courbot, linux-gpio, linux-kernel

On Fri, Nov 20, 2015 at 10:22 AM, Geert Uytterhoeven
<geert@linux-m68k.org> wrote:
> On Wed, Nov 11, 2015 at 9:27 PM, LABBE Corentin
> <clabbe.montjoie@gmail.com> wrote:
>> of_match_device could return NULL, and so cause a NULL pointer
>> dereference later at line 132:
>> priv->flags = (uintptr_t) of_id->data;
>>
>> Reported-by: coverity (CID 1324141)
>
> This is a DT-only driver, hence this cannot happen?

Yeah I said the same in comment to some other patch in the
series. But it doesn't hurt much either. Coccinelle has no clue
about deeper semantics, just shallow semantics.

Yours,
Linus Walleij

^ permalink raw reply	[flat|nested] 8+ messages in thread
end of thread, other threads:[~2015-11-30 12:08 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-11-11 20:27 [PATCH 1/3] gpio: 74xx: fix a possible NULL dereference LABBE Corentin
2015-11-11 20:27 ` [PATCH 2/3] gpio: syscon: " LABBE Corentin
2015-11-17 13:39   ` Linus Walleij
2015-11-11 20:27 ` [PATCH 3/3] gpio: palmas: " LABBE Corentin
2015-11-17 13:41   ` Linus Walleij
2015-11-17 13:37 ` [PATCH 1/3] gpio: 74xx: " Linus Walleij
2015-11-20  9:22 ` Geert Uytterhoeven
2015-11-30 12:08   ` Linus Walleij

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.