* [PATCH] lib: logic_pio: Fix potential NULL pointer dereference
@ 2018-04-03 21:15 Gustavo A. R. Silva
2018-04-04 8:54 ` John Garry
2018-04-04 13:43 ` Bjorn Helgaas
0 siblings, 2 replies; 4+ messages in thread
From: Gustavo A. R. Silva @ 2018-04-03 21:15 UTC (permalink / raw)
To: Zhichang Yuan, Gabriele Paoloni, John Garry, Bjorn Helgaas,
Andy Shevchenko
Cc: linux-kernel, Gustavo A. R. Silva
new_range is being dereferenced before it is null checked, hence
there is a potential null pointer dereference.
Fix this by moving the pointer dereference after new_range has
been properly null checked.
Addresses-Coverity-ID: 1466163 ("Dereference before null check")
Fixes: 0a7198426259 ("lib: Add generic PIO mapping method")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
lib/logic_pio.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/logic_pio.c b/lib/logic_pio.c
index 29cedea..30dfdce 100644
--- a/lib/logic_pio.c
+++ b/lib/logic_pio.c
@@ -33,8 +33,8 @@ static DEFINE_MUTEX(io_range_mutex);
int logic_pio_register_range(struct logic_pio_hwaddr *new_range)
{
struct logic_pio_hwaddr *range;
- resource_size_t start = new_range->hw_start;
- resource_size_t end = new_range->hw_start + new_range->size;
+ resource_size_t start;
+ resource_size_t end;
resource_size_t mmio_sz = 0;
resource_size_t iio_sz = MMIO_UPPER_LIMIT;
int ret = 0;
@@ -42,6 +42,9 @@ int logic_pio_register_range(struct logic_pio_hwaddr *new_range)
if (!new_range || !new_range->fwnode || !new_range->size)
return -EINVAL;
+ start = new_range->hw_start;
+ end = new_range->hw_start + new_range->size;
+
mutex_lock(&io_range_mutex);
list_for_each_entry_rcu(range, &io_range_list, list) {
if (range->fwnode == new_range->fwnode) {
--
2.7.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] lib: logic_pio: Fix potential NULL pointer dereference
2018-04-03 21:15 [PATCH] lib: logic_pio: Fix potential NULL pointer dereference Gustavo A. R. Silva
@ 2018-04-04 8:54 ` John Garry
2018-04-04 13:43 ` Bjorn Helgaas
1 sibling, 0 replies; 4+ messages in thread
From: John Garry @ 2018-04-04 8:54 UTC (permalink / raw)
To: Gustavo A. R. Silva, Bjorn Helgaas, Andy Shevchenko
Cc: linux-kernel, Gustavo A. R. Silva
On 03/04/2018 22:15, Gustavo A. R. Silva wrote:
> new_range is being dereferenced before it is null checked, hence
> there is a potential null pointer dereference.
>
> Fix this by moving the pointer dereference after new_range has
> been properly null checked.
>
Hi Gustavo,
In fact we expect new_range to never be NULL. But, if we're going to
check, then better make sure the check is correct...
Thanks,
John
> Addresses-Coverity-ID: 1466163 ("Dereference before null check")
> Fixes: 0a7198426259 ("lib: Add generic PIO mapping method")
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: John Garry <john.garry@huawei.com>
> ---
> lib/logic_pio.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/lib/logic_pio.c b/lib/logic_pio.c
> index 29cedea..30dfdce 100644
> --- a/lib/logic_pio.c
> +++ b/lib/logic_pio.c
> @@ -33,8 +33,8 @@ static DEFINE_MUTEX(io_range_mutex);
> int logic_pio_register_range(struct logic_pio_hwaddr *new_range)
> {
> struct logic_pio_hwaddr *range;
> - resource_size_t start = new_range->hw_start;
> - resource_size_t end = new_range->hw_start + new_range->size;
> + resource_size_t start;
> + resource_size_t end;
> resource_size_t mmio_sz = 0;
> resource_size_t iio_sz = MMIO_UPPER_LIMIT;
> int ret = 0;
> @@ -42,6 +42,9 @@ int logic_pio_register_range(struct logic_pio_hwaddr *new_range)
> if (!new_range || !new_range->fwnode || !new_range->size)
> return -EINVAL;
>
> + start = new_range->hw_start;
> + end = new_range->hw_start + new_range->size;
> +
> mutex_lock(&io_range_mutex);
> list_for_each_entry_rcu(range, &io_range_list, list) {
> if (range->fwnode == new_range->fwnode) {
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] lib: logic_pio: Fix potential NULL pointer dereference
2018-04-03 21:15 [PATCH] lib: logic_pio: Fix potential NULL pointer dereference Gustavo A. R. Silva
2018-04-04 8:54 ` John Garry
@ 2018-04-04 13:43 ` Bjorn Helgaas
1 sibling, 0 replies; 4+ messages in thread
From: Bjorn Helgaas @ 2018-04-04 13:43 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Zhichang Yuan, Gabriele Paoloni, John Garry, Bjorn Helgaas,
Andy Shevchenko, linux-kernel, Gustavo A. R. Silva, linux-pci
[+cc linux-pci]
On Tue, Apr 03, 2018 at 04:15:05PM -0500, Gustavo A. R. Silva wrote:
> new_range is being dereferenced before it is null checked, hence
> there is a potential null pointer dereference.
>
> Fix this by moving the pointer dereference after new_range has
> been properly null checked.
>
> Addresses-Coverity-ID: 1466163 ("Dereference before null check")
> Fixes: 0a7198426259 ("lib: Add generic PIO mapping method")
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Folded into 0a7198426259 on pci/lpc, thanks!
> ---
> lib/logic_pio.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/lib/logic_pio.c b/lib/logic_pio.c
> index 29cedea..30dfdce 100644
> --- a/lib/logic_pio.c
> +++ b/lib/logic_pio.c
> @@ -33,8 +33,8 @@ static DEFINE_MUTEX(io_range_mutex);
> int logic_pio_register_range(struct logic_pio_hwaddr *new_range)
> {
> struct logic_pio_hwaddr *range;
> - resource_size_t start = new_range->hw_start;
> - resource_size_t end = new_range->hw_start + new_range->size;
> + resource_size_t start;
> + resource_size_t end;
> resource_size_t mmio_sz = 0;
> resource_size_t iio_sz = MMIO_UPPER_LIMIT;
> int ret = 0;
> @@ -42,6 +42,9 @@ int logic_pio_register_range(struct logic_pio_hwaddr *new_range)
> if (!new_range || !new_range->fwnode || !new_range->size)
> return -EINVAL;
>
> + start = new_range->hw_start;
> + end = new_range->hw_start + new_range->size;
> +
> mutex_lock(&io_range_mutex);
> list_for_each_entry_rcu(range, &io_range_list, list) {
> if (range->fwnode == new_range->fwnode) {
> --
> 2.7.4
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] lib: logic_pio: Fix potential NULL pointer dereference
@ 2018-04-03 21:12 Gustavo A. R. Silva
0 siblings, 0 replies; 4+ messages in thread
From: Gustavo A. R. Silva @ 2018-04-03 21:12 UTC (permalink / raw)
To: Zhichang Yuan; +Cc: linux-kernel, Gustavo A. R. Silva
new_range is being dereferenced before it is null checked, hence
there is a potential null pointer dereference.
Fix this by moving the pointer dereference after new_range has
been properly null checked.
Addresses-Coverity-ID: 1466163 ("Dereference before null check")
Fixes: 0a7198426259 ("lib: Add generic PIO mapping method")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
lib/logic_pio.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/logic_pio.c b/lib/logic_pio.c
index 29cedea..30dfdce 100644
--- a/lib/logic_pio.c
+++ b/lib/logic_pio.c
@@ -33,8 +33,8 @@ static DEFINE_MUTEX(io_range_mutex);
int logic_pio_register_range(struct logic_pio_hwaddr *new_range)
{
struct logic_pio_hwaddr *range;
- resource_size_t start = new_range->hw_start;
- resource_size_t end = new_range->hw_start + new_range->size;
+ resource_size_t start;
+ resource_size_t end;
resource_size_t mmio_sz = 0;
resource_size_t iio_sz = MMIO_UPPER_LIMIT;
int ret = 0;
@@ -42,6 +42,9 @@ int logic_pio_register_range(struct logic_pio_hwaddr *new_range)
if (!new_range || !new_range->fwnode || !new_range->size)
return -EINVAL;
+ start = new_range->hw_start;
+ end = new_range->hw_start + new_range->size;
+
mutex_lock(&io_range_mutex);
list_for_each_entry_rcu(range, &io_range_list, list) {
if (range->fwnode == new_range->fwnode) {
--
2.7.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-04-04 13:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-03 21:15 [PATCH] lib: logic_pio: Fix potential NULL pointer dereference Gustavo A. R. Silva
2018-04-04 8:54 ` John Garry
2018-04-04 13:43 ` Bjorn Helgaas
-- strict thread matches above, loose matches on Subject: below --
2018-04-03 21:12 Gustavo A. R. Silva
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.