* [PATCH 1/2] coresight: etm3x: Smatch: Fix potential NULL pointer dereference
@ 2019-06-13 10:06 Suzuki K Poulose
2019-06-13 10:06 ` [PATCH 2/2] coresight: tmc: " Suzuki K Poulose
2019-06-17 19:28 ` [PATCH 1/2] coresight: etm3x: " Mathieu Poirier
0 siblings, 2 replies; 4+ messages in thread
From: Suzuki K Poulose @ 2019-06-13 10:06 UTC (permalink / raw)
To: linux-arm-kernel
Cc: coresight, Dan Carpenter, mathieu.poirier, Suzuki K Poulose
Based on the following report from Smatch tool, make sure we have a
valid drvdata before we dereference it to find the real dev.
The patch 21d26b905c05: "coresight: etm: Clean up device specific
data" from May 22, 2019, leads to the following Smatch complaint:
./drivers/hwtracing/coresight/coresight-etm3x.c:460 etm_get_trace_id()
warn: variable dereferenced before check 'drvdata' (see line 458)
./drivers/hwtracing/coresight/coresight-etm3x.c
457 int trace_id = -1;
458 struct device *etm_dev = drvdata->csdev->dev.parent;
^^^^^^^^^
New dereference
459
460 if (!drvdata)
^^^^^^^^
Checked too late. Delete the check?
461 goto out;
462
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
---
drivers/hwtracing/coresight/coresight-etm3x.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/hwtracing/coresight/coresight-etm3x.c b/drivers/hwtracing/coresight/coresight-etm3x.c
index bed7291..225c298 100644
--- a/drivers/hwtracing/coresight/coresight-etm3x.c
+++ b/drivers/hwtracing/coresight/coresight-etm3x.c
@@ -455,11 +455,12 @@ int etm_get_trace_id(struct etm_drvdata *drvdata)
{
unsigned long flags;
int trace_id = -1;
- struct device *etm_dev = drvdata->csdev->dev.parent;
+ struct device *etm_dev;
if (!drvdata)
goto out;
+ etm_dev = drvdata->csdev->dev.parent;
if (!local_read(&drvdata->mode))
return drvdata->traceid;
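Review bot: The moved assignment `etm_dev = drvdata->csdev->dev.parent;` is now safe against a NULL `drvdata`, but it still dereferences `drvdata->csdev` with no check. If `csdev` can be unset when this function is called, the same class of fault remains; either test it alongside `!drvdata` or state in the commit message why `csdev` is always valid once `drvdata` is.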
--
2.7.4
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
* [PATCH 2/2] coresight: tmc: Smatch: Fix potential NULL pointer dereference
2019-06-13 10:06 [PATCH 1/2] coresight: etm3x: Smatch: Fix potential NULL pointer dereference Suzuki K Poulose
@ 2019-06-13 10:06 ` Suzuki K Poulose
2019-06-17 19:28 ` [PATCH 1/2] coresight: etm3x: " Mathieu Poirier
1 sibling, 0 replies; 4+ messages in thread
From: Suzuki K Poulose @ 2019-06-13 10:06 UTC (permalink / raw)
To: linux-arm-kernel
Cc: coresight, Dan Carpenter, mathieu.poirier, Suzuki K Poulose
Based on the following report from Smatch, fix the potential
NULL pointer dereference check.
The patch 743256e214e8: "coresight: tmc: Clean up device specific
data" from May 22, 2019, leads to the following Smatch complaint:
drivers/hwtracing/coresight/coresight-tmc-etr.c:625 tmc_etr_free_flat_buf()
warn: variable dereferenced before check 'flat_buf' (see line 623)
drivers/hwtracing/coresight/coresight-tmc-etr.c
622 struct etr_flat_buf *flat_buf = etr_buf->private;
623 struct device *real_dev = flat_buf->dev->parent;
^^^^^^^^^^
The patch introduces a new NULL check
624
625 if (flat_buf && flat_buf->daddr)
^^^^^^^^
but the existing code assumed it can be NULL.
626 dma_free_coherent(real_dev, flat_buf->size,
627 flat_buf->vaddr, flat_buf->daddr);
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
---
drivers/hwtracing/coresight/coresight-tmc-etr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c
index 5d2bf6d..1700670 100644
--- a/drivers/hwtracing/coresight/coresight-tmc-etr.c
+++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c
@@ -620,11 +620,13 @@ static int tmc_etr_alloc_flat_buf(struct tmc_drvdata *drvdata,
static void tmc_etr_free_flat_buf(struct etr_buf *etr_buf)
{
struct etr_flat_buf *flat_buf = etr_buf->private;
- struct device *real_dev = flat_buf->dev->parent;
- if (flat_buf && flat_buf->daddr)
+ if (flat_buf && flat_buf->daddr) {
+ struct device *real_dev = flat_buf->dev->parent;
+
dma_free_coherent(real_dev, flat_buf->size,
flat_buf->vaddr, flat_buf->daddr);
+ }
kfree(flat_buf);
}
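Review bot: Inside the new block, `flat_buf->dev->parent` dereferences `flat_buf->dev` unchecked, so the guard `flat_buf && flat_buf->daddr` covers only `flat_buf` itself. If a buffer with `daddr` set always has `dev` set, a one-line comment saying so would make the invariant explicit. The local could also be dropped by passing `flat_buf->dev->parent` directly to `dma_free_coherent()`, which keeps the dereference next to its only use.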
--
2.7.4
* Re: [PATCH 1/2] coresight: etm3x: Smatch: Fix potential NULL pointer dereference
2019-06-13 10:06 [PATCH 1/2] coresight: etm3x: Smatch: Fix potential NULL pointer dereference Suzuki K Poulose
2019-06-13 10:06 ` [PATCH 2/2] coresight: tmc: " Suzuki K Poulose
@ 2019-06-17 19:28 ` Mathieu Poirier
1 sibling, 0 replies; 4+ messages in thread
From: Mathieu Poirier @ 2019-06-17 19:28 UTC (permalink / raw)
To: Suzuki K Poulose; +Cc: Coresight ML, Dan Carpenter, linux-arm-kernel
On Thu, 13 Jun 2019 at 04:06, Suzuki K Poulose <suzuki.poulose@arm.com> wrote:
>
> Based on the following report from Smatch tool, make sure we have a
> valid drvdata before we dereference it to find the real dev.
>
> The patch 21d26b905c05: "coresight: etm: Clean up device specific
> data" from May 22, 2019, leads to the following Smatch complaint:
>
> ./drivers/hwtracing/coresight/coresight-etm3x.c:460 etm_get_trace_id()
> warn: variable dereferenced before check 'drvdata' (see line 458)
>
> ./drivers/hwtracing/coresight/coresight-etm3x.c
> 457 int trace_id = -1;
> 458 struct device *etm_dev = drvdata->csdev->dev.parent;
> ^^^^^^^^^
> New dereference
>
> 459
> 460 if (!drvdata)
> ^^^^^^^^
> Checked too late. Delete the check?
>
> 461 goto out;
> 462
>
> Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
> Cc: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> ---
> drivers/hwtracing/coresight/coresight-etm3x.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/hwtracing/coresight/coresight-etm3x.c b/drivers/hwtracing/coresight/coresight-etm3x.c
> index bed7291..225c298 100644
> --- a/drivers/hwtracing/coresight/coresight-etm3x.c
> +++ b/drivers/hwtracing/coresight/coresight-etm3x.c
> @@ -455,11 +455,12 @@ int etm_get_trace_id(struct etm_drvdata *drvdata)
> {
> unsigned long flags;
> int trace_id = -1;
> - struct device *etm_dev = drvdata->csdev->dev.parent;
> + struct device *etm_dev;
>
> if (!drvdata)
> goto out;
>
> + etm_dev = drvdata->csdev->dev.parent;
> if (!local_read(&drvdata->mode))
> return drvdata->traceid;
>
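Review bot: The assignment to `etm_dev` sits ahead of the early `return drvdata->traceid;`, a path on which the visible lines never use it. Moving it below the `local_read(&drvdata->mode)` check, next to its first use, would keep the chained dereference off that path, and a blank line after it would separate it from the `if`.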
I have applied both patches in this set.
Thanks,
Mathieu
> --
> 2.7.4
>
* [PATCH 1/2] coresight: etm3x: Smatch: Fix potential NULL pointer dereference
2019-06-21 17:52 [PATCH 0/2] coresight: next v5.2-rc5 (Part 2) Mathieu Poirier
@ 2019-06-21 17:52 ` Mathieu Poirier
0 siblings, 0 replies; 4+ messages in thread
From: Mathieu Poirier @ 2019-06-21 17:52 UTC (permalink / raw)
To: gregkh; +Cc: linux-arm-kernel
From: Suzuki K Poulose <suzuki.poulose@arm.com>
Based on the following report from Smatch tool, make sure we have a
valid drvdata before we dereference it to find the real dev.
The patch 21d26b905c05: "coresight: etm: Clean up device specific
data" from May 22, 2019, leads to the following Smatch complaint:
./drivers/hwtracing/coresight/coresight-etm3x.c:460 etm_get_trace_id()
warn: variable dereferenced before check 'drvdata' (see line 458)
./drivers/hwtracing/coresight/coresight-etm3x.c
457 int trace_id = -1;
458 struct device *etm_dev = drvdata->csdev->dev.parent;
^^^^^^^^^
New dereference
459
460 if (!drvdata)
^^^^^^^^
Checked too late. Delete the check?
461 goto out;
462
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
---
drivers/hwtracing/coresight/coresight-etm3x.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/hwtracing/coresight/coresight-etm3x.c b/drivers/hwtracing/coresight/coresight-etm3x.c
index bed729140718..225c2982e4fe 100644
--- a/drivers/hwtracing/coresight/coresight-etm3x.c
+++ b/drivers/hwtracing/coresight/coresight-etm3x.c
@@ -455,11 +455,12 @@ int etm_get_trace_id(struct etm_drvdata *drvdata)
{
unsigned long flags;
int trace_id = -1;
- struct device *etm_dev = drvdata->csdev->dev.parent;
+ struct device *etm_dev;
if (!drvdata)
goto out;
+ etm_dev = drvdata->csdev->dev.parent;
if (!local_read(&drvdata->mode))
return drvdata->traceid;
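Review bot: The `etm_dev` change fixes a dereference that the commit message attributes to 21d26b905c05, yet the trailers carry only Cc: and Signed-off-by: lines and no Fixes: tag. Adding `Fixes: 21d26b905c05 ("coresight: etm: Clean up device specific data")` would record that link in the form tooling can follow, rather than only in the prose of the message.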
--
2.17.1