* Potential NULL pointer deference in spi
@ 2019-10-10 5:37 Yizhuo Zhai
2019-10-10 5:48 ` Eric Dumazet
0 siblings, 1 reply; 4+ messages in thread
From: Yizhuo Zhai @ 2019-10-10 5:37 UTC (permalink / raw)
To: Mark Brown, linux-spi, linux-kernel, Zhiyun Qian, Chengyu Song
Hi All:
drivers/spi/spi.c:
The function to_spi_device() could return NULL, but some callers
in this file does not check the return value while directly dereference
it, which seems potentially unsafe.
Such callers include spidev_release(), spi_dev_check(),
driver_override_store(), etc.
--
Kind Regards,
Yizhuo Zhai
Computer Science, Graduate Student
University of California, Riverside
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Potential NULL pointer deference in spi
2019-10-10 5:37 Potential NULL pointer deference in spi Yizhuo Zhai
@ 2019-10-10 5:48 ` Eric Dumazet
2019-10-11 5:31 ` Yizhuo Zhai
0 siblings, 1 reply; 4+ messages in thread
From: Eric Dumazet @ 2019-10-10 5:48 UTC (permalink / raw)
To: Yizhuo Zhai, Mark Brown, linux-spi, linux-kernel, Zhiyun Qian,
Chengyu Song
On 10/9/19 10:37 PM, Yizhuo Zhai wrote:
> Hi All:
>
> drivers/spi/spi.c:
>
> The function to_spi_device() could return NULL, but some callers
> in this file does not check the return value while directly dereference
> it, which seems potentially unsafe.
>
> Such callers include spidev_release(), spi_dev_check(),
> driver_override_store(), etc.
>
>
Many of your reports are completely bogus.
I suggest you spend more time before sending such emails to very large audience
and risk being ignored at some point.
Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Potential NULL pointer deference in spi
2019-10-10 5:48 ` Eric Dumazet
@ 2019-10-11 5:31 ` Yizhuo Zhai
2019-10-11 16:01 ` Eric Dumazet
0 siblings, 1 reply; 4+ messages in thread
From: Yizhuo Zhai @ 2019-10-11 5:31 UTC (permalink / raw)
To: Eric Dumazet
Cc: Mark Brown, linux-spi, linux-kernel, Zhiyun Qian, Chengyu Song
Hi Eric:
My apologies for bothering, we got those report via static analysis
and haven't got a good method to verify the path to trigger them.
Therefore I sent those email to you maintainers first since you
know much better about the details. Sorry again for your time and
I take your suggestions.
On Wed, Oct 9, 2019 at 10:48 PM Eric Dumazet <eric.dumazet@gmail.com> wrote:
>
>
>
> On 10/9/19 10:37 PM, Yizhuo Zhai wrote:
> > Hi All:
> >
> > drivers/spi/spi.c:
> >
> > The function to_spi_device() could return NULL, but some callers
> > in this file does not check the return value while directly dereference
> > it, which seems potentially unsafe.
> >
> > Such callers include spidev_release(), spi_dev_check(),
> > driver_override_store(), etc.
> >
> >
>
>
> Many of your reports are completely bogus.
>
> I suggest you spend more time before sending such emails to very large audience
> and risk being ignored at some point.
>
> Thanks.
--
Kind Regards,
Yizhuo Zhai
Computer Science, Graduate Student
University of California, Riverside
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Potential NULL pointer deference in spi
2019-10-11 5:31 ` Yizhuo Zhai
@ 2019-10-11 16:01 ` Eric Dumazet
0 siblings, 0 replies; 4+ messages in thread
From: Eric Dumazet @ 2019-10-11 16:01 UTC (permalink / raw)
To: Yizhuo Zhai
Cc: Mark Brown, linux-spi, linux-kernel, Zhiyun Qian, Chengyu Song
On 10/10/19 10:31 PM, Yizhuo Zhai wrote:
> Hi Eric:
>
> My apologies for bothering, we got those report via static analysis
> and haven't got a good method to verify the path to trigger them.
> Therefore I sent those email to you maintainers first since you
> know much better about the details. Sorry again for your time and
> I take your suggestions.
My suggestion is that you need to make deep investigations on your own,
before sending mails to lkml@, reaching thousands of people on the planet.
Static analysis tools having too many false positive are not worth
the time spent by humans.
I knew nothing about drivers/spi/spi.c, but after few minutes reading the code,
it was clear your report was wrong.
Do not ask us to do what you should do yourself.
Thanks.
>
> On Wed, Oct 9, 2019 at 10:48 PM Eric Dumazet <eric.dumazet@gmail.com> wrote:
>>
>>
>>
>> On 10/9/19 10:37 PM, Yizhuo Zhai wrote:
>>> Hi All:
>>>
>>> drivers/spi/spi.c:
>>>
>>> The function to_spi_device() could return NULL, but some callers
>>> in this file does not check the return value while directly dereference
>>> it, which seems potentially unsafe.
>>>
>>> Such callers include spidev_release(), spi_dev_check(),
>>> driver_override_store(), etc.
>>>
>>>
>>
>>
>> Many of your reports are completely bogus.
>>
>> I suggest you spend more time before sending such emails to very large audience
>> and risk being ignored at some point.
>>
>> Thanks.
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-10-11 16:01 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-10 5:37 Potential NULL pointer deference in spi Yizhuo Zhai
2019-10-10 5:48 ` Eric Dumazet
2019-10-11 5:31 ` Yizhuo Zhai
2019-10-11 16:01 ` Eric Dumazet
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).