Coverity: calibrate_8976(): Memory - illegal accesses

Coverity: calibrate_8976(): Memory - illegal accesses

[coverity-bot]

Hello!

This is an experimental automated report about issues detected by Coverity
from a scan of next-20191025 as part of the linux-next weekly scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan

You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by recent commits:

95ededc17e4e ("thermal: qcom: tsens-v1: Add support for MSM8956 and MSM8976")

Coverity reported the following:

*** CID 1487355:  Memory - illegal accesses  (USE_AFTER_FREE)
/drivers/thermal/qcom/tsens-v1.c: 245 in calibrate_8976()
239     	int mode = 0, tmp = 0;
240     	u32 *qfprom_cdata;
241
242     	qfprom_cdata = (u32 *)qfprom_read(priv->dev, "calib");
243     	if (IS_ERR(qfprom_cdata)) {
244     		kfree(qfprom_cdata);
vvv     CID 1487355:  Memory - illegal accesses  (USE_AFTER_FREE)
vvv     Passing freed pointer "qfprom_cdata" as an argument to "PTR_ERR".
245     		return PTR_ERR(qfprom_cdata);
246     	}
247
248     	mode = (qfprom_cdata[4] & MSM8976_CAL_SEL_MASK);
249     	dev_dbg(priv->dev, "calibration mode is %d\n", mode);
250

If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include:

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487355 ("Memory - illegal accesses")
Fixes: 95ededc17e4e ("thermal: qcom: tsens-v1: Add support for MSM8956 and MSM8976")


Thanks for your attention!

-- 
Coverity-bot

Re: Coverity: calibrate_8976(): Memory - illegal accesses

[Gustavo A. R. Silva]

Hi,

This one has been addressed already:

https://lore.kernel.org/lkml/CAK7fi1a8CiX=HVqhZSmQJdcjF1X_kdHFDwJhEpYJUcdPTcbMQA@mail.gmail.com/

Thanks
--
Gustavo

On 10/28/19 18:03, coverity-bot wrote:
> Hello!
> 
> This is an experimental automated report about issues detected by Coverity
> from a scan of next-20191025 as part of the linux-next weekly scan project:
> https://scan.coverity.com/projects/linux-next-weekly-scan
> 
> You're getting this email because you were associated with the identified
> lines of code (noted below) that were touched by recent commits:
> 
> 95ededc17e4e ("thermal: qcom: tsens-v1: Add support for MSM8956 and MSM8976")
> 
> Coverity reported the following:
> 
> *** CID 1487355:  Memory - illegal accesses  (USE_AFTER_FREE)
> /drivers/thermal/qcom/tsens-v1.c: 245 in calibrate_8976()
> 239     	int mode = 0, tmp = 0;
> 240     	u32 *qfprom_cdata;
> 241
> 242     	qfprom_cdata = (u32 *)qfprom_read(priv->dev, "calib");
> 243     	if (IS_ERR(qfprom_cdata)) {
> 244     		kfree(qfprom_cdata);
> vvv     CID 1487355:  Memory - illegal accesses  (USE_AFTER_FREE)
> vvv     Passing freed pointer "qfprom_cdata" as an argument to "PTR_ERR".
> 245     		return PTR_ERR(qfprom_cdata);
> 246     	}
> 247
> 248     	mode = (qfprom_cdata[4] & MSM8976_CAL_SEL_MASK);
> 249     	dev_dbg(priv->dev, "calibration mode is %d\n", mode);
> 250
> 
> If this is a false positive, please let us know so we can mark it as
> such, or teach the Coverity rules to be smarter. If not, please make
> sure fixes get into linux-next. :) For patches fixing this, please
> include:
> 
> Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
> Addresses-Coverity-ID: 1487355 ("Memory - illegal accesses")
> Fixes: 95ededc17e4e ("thermal: qcom: tsens-v1: Add support for MSM8956 and MSM8976")
> 
> 
> Thanks for your attention!
> 

Re: Coverity: calibrate_8976(): Memory - illegal accesses

[Kees Cook]

On Mon, Oct 28, 2019 at 5:08 PM Gustavo A. R. Silva
<gustavo@embeddedor.com> wrote:
>
> Hi,
>
> This one has been addressed already:
>
> https://lore.kernel.org/lkml/CAK7fi1a8CiX=HVqhZSmQJdcjF1X_kdHFDwJhEpYJUcdPTcbMQA@mail.gmail.com/
>

Ah-ha, excellent. Colin, do you want me to CC you on these automatic
reports too?

-Kees

> Thanks
> --
> Gustavo
>
> On 10/28/19 18:03, coverity-bot wrote:
> > Hello!
> >
> > This is an experimental automated report about issues detected by Coverity
> > from a scan of next-20191025 as part of the linux-next weekly scan project:
> > https://scan.coverity.com/projects/linux-next-weekly-scan
> >
> > You're getting this email because you were associated with the identified
> > lines of code (noted below) that were touched by recent commits:
> >
> > 95ededc17e4e ("thermal: qcom: tsens-v1: Add support for MSM8956 and MSM8976")
> >
> > Coverity reported the following:
> >
> > *** CID 1487355:  Memory - illegal accesses  (USE_AFTER_FREE)
> > /drivers/thermal/qcom/tsens-v1.c: 245 in calibrate_8976()
> > 239           int mode = 0, tmp = 0;
> > 240           u32 *qfprom_cdata;
> > 241
> > 242           qfprom_cdata = (u32 *)qfprom_read(priv->dev, "calib");
> > 243           if (IS_ERR(qfprom_cdata)) {
> > 244                   kfree(qfprom_cdata);
> > vvv     CID 1487355:  Memory - illegal accesses  (USE_AFTER_FREE)
> > vvv     Passing freed pointer "qfprom_cdata" as an argument to "PTR_ERR".
> > 245                   return PTR_ERR(qfprom_cdata);
> > 246           }
> > 247
> > 248           mode = (qfprom_cdata[4] & MSM8976_CAL_SEL_MASK);
> > 249           dev_dbg(priv->dev, "calibration mode is %d\n", mode);
> > 250
> >
> > If this is a false positive, please let us know so we can mark it as
> > such, or teach the Coverity rules to be smarter. If not, please make
> > sure fixes get into linux-next. :) For patches fixing this, please
> > include:
> >
> > Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
> > Addresses-Coverity-ID: 1487355 ("Memory - illegal accesses")
> > Fixes: 95ededc17e4e ("thermal: qcom: tsens-v1: Add support for MSM8956 and MSM8976")
> >
> >
> > Thanks for your attention!
> >



-- 
Kees Cook

Re: Coverity: calibrate_8976(): Memory - illegal accesses

[Amit Kucheria]

On Tue, Oct 29, 2019 at 9:30 PM Kees Cook <keescook@chromium.org> wrote:
>
> On Mon, Oct 28, 2019 at 5:08 PM Gustavo A. R. Silva
> <gustavo@embeddedor.com> wrote:
> >
> > Hi,
> >
> > This one has been addressed already:
> >
> > https://lore.kernel.org/lkml/CAK7fi1a8CiX=HVqhZSmQJdcjF1X_kdHFDwJhEpYJUcdPTcbMQA@mail.gmail.com/
> >
>
> Ah-ha, excellent. Colin, do you want me to CC you on these automatic
> reports too?
>

Hi Kees,

Is coverity being run just on linux-next or on mainline too? I've
noticed it found at least one error that has existed for a long-time
only when that code was moved around.

Regards,
Amit

> > On 10/28/19 18:03, coverity-bot wrote:
> > > Hello!
> > >
> > > This is an experimental automated report about issues detected by Coverity
> > > from a scan of next-20191025 as part of the linux-next weekly scan project:
> > > https://scan.coverity.com/projects/linux-next-weekly-scan
> > >
> > > You're getting this email because you were associated with the identified
> > > lines of code (noted below) that were touched by recent commits:
> > >
> > > 95ededc17e4e ("thermal: qcom: tsens-v1: Add support for MSM8956 and MSM8976")
> > >
> > > Coverity reported the following:
> > >
> > > *** CID 1487355:  Memory - illegal accesses  (USE_AFTER_FREE)
> > > /drivers/thermal/qcom/tsens-v1.c: 245 in calibrate_8976()
> > > 239           int mode = 0, tmp = 0;
> > > 240           u32 *qfprom_cdata;
> > > 241
> > > 242           qfprom_cdata = (u32 *)qfprom_read(priv->dev, "calib");
> > > 243           if (IS_ERR(qfprom_cdata)) {
> > > 244                   kfree(qfprom_cdata);
> > > vvv     CID 1487355:  Memory - illegal accesses  (USE_AFTER_FREE)
> > > vvv     Passing freed pointer "qfprom_cdata" as an argument to "PTR_ERR".
> > > 245                   return PTR_ERR(qfprom_cdata);
> > > 246           }
> > > 247
> > > 248           mode = (qfprom_cdata[4] & MSM8976_CAL_SEL_MASK);
> > > 249           dev_dbg(priv->dev, "calibration mode is %d\n", mode);
> > > 250
> > >
> > > If this is a false positive, please let us know so we can mark it as
> > > such, or teach the Coverity rules to be smarter. If not, please make
> > > sure fixes get into linux-next. :) For patches fixing this, please
> > > include:
> > >
> > > Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
> > > Addresses-Coverity-ID: 1487355 ("Memory - illegal accesses")
> > > Fixes: 95ededc17e4e ("thermal: qcom: tsens-v1: Add support for MSM8956 and MSM8976")
> > >
> > >
> > > Thanks for your attention!
> > >
>
>
>
> --
> Kees Cook

Re: Coverity: calibrate_8976(): Memory - illegal accesses

[Kees Cook]

On Tue, Oct 29, 2019 at 09:37:57PM +0530, Amit Kucheria wrote:
> On Tue, Oct 29, 2019 at 9:30 PM Kees Cook <keescook@chromium.org> wrote:
> >
> > On Mon, Oct 28, 2019 at 5:08 PM Gustavo A. R. Silva
> > <gustavo@embeddedor.com> wrote:
> > >
> > > Hi,
> > >
> > > This one has been addressed already:
> > >
> > > https://lore.kernel.org/lkml/CAK7fi1a8CiX=HVqhZSmQJdcjF1X_kdHFDwJhEpYJUcdPTcbMQA@mail.gmail.com/
> > >
> >
> > Ah-ha, excellent. Colin, do you want me to CC you on these automatic
> > reports too?
> >
> 
> Hi Kees,
> 
> Is coverity being run just on linux-next or on mainline too? I've
> noticed it found at least one error that has existed for a long-time
> only when that code was moved around.

There is another public Coverity scan that runs the -rcX releases. Dave
Jones tends to operate that one, and I haven't attached any tooling to
that one. I wanted to see how noisy running against linux-next was
first...

-- 
Kees Cook