[PATCH] pinctrl: axp209: Fix NULL pointer dereference after allocation

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] pinctrl: axp209: Fix NULL pointer dereference after allocation
@ 2019-03-12 15:19 Aditya Pakki
  2019-03-23 22:09 ` Aditya Pakki
  2019-04-05  3:36 ` Linus Walleij
  0 siblings, 2 replies; 6+ messages in thread
From: Aditya Pakki @ 2019-03-12 15:19 UTC (permalink / raw)
  To: pakki001; +Cc: kjlu, Linus Walleij, Chen-Yu Tsai, linux-gpio, linux-kernel

axp20x_build_funcs_groups allocates groups via devm_kcalloc and tries to
dereference without checking for NULL. This patch avoids such a
scenario.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
---
 drivers/pinctrl/pinctrl-axp209.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/pinctrl/pinctrl-axp209.c b/drivers/pinctrl/pinctrl-axp209.c
index afd0b533c40a..4fcf7262bed9 100644
--- a/drivers/pinctrl/pinctrl-axp209.c
+++ b/drivers/pinctrl/pinctrl-axp209.c
@@ -366,6 +366,8 @@ static int axp20x_build_funcs_groups(struct platform_device *pdev)
 		pctl->funcs[i].groups = devm_kcalloc(&pdev->dev,
 						     npins, sizeof(char *),
 						     GFP_KERNEL);
+		if (!pctl->funcs[i].groups)
+			return -ENOMEM;
 		for (pin = 0; pin < npins; pin++)
 			pctl->funcs[i].groups[pin] = pctl->desc->pins[pin].name;
 	}
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] pinctrl: axp209: Fix NULL pointer dereference after allocation
  2019-03-12 15:19 [PATCH] pinctrl: axp209: Fix NULL pointer dereference after allocation Aditya Pakki
@ 2019-03-23 22:09 ` Aditya Pakki
  2019-04-05  3:36 ` Linus Walleij
  1 sibling, 0 replies; 6+ messages in thread
From: Aditya Pakki @ 2019-03-23 22:09 UTC (permalink / raw)
  Cc: kjlu, Linus Walleij, Chen-Yu Tsai, linux-gpio, linux-kernel

Gentle reminder, Can someone review this patch.


On 3/12/19 10:19 AM, Aditya Pakki wrote:
> axp20x_build_funcs_groups allocates groups via devm_kcalloc and tries to
> dereference without checking for NULL. This patch avoids such a
> scenario.
>
> Signed-off-by: Aditya Pakki <pakki001@umn.edu>
> ---
>  drivers/pinctrl/pinctrl-axp209.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/pinctrl/pinctrl-axp209.c b/drivers/pinctrl/pinctrl-axp209.c
> index afd0b533c40a..4fcf7262bed9 100644
> --- a/drivers/pinctrl/pinctrl-axp209.c
> +++ b/drivers/pinctrl/pinctrl-axp209.c
> @@ -366,6 +366,8 @@ static int axp20x_build_funcs_groups(struct platform_device *pdev)
>  		pctl->funcs[i].groups = devm_kcalloc(&pdev->dev,
>  						     npins, sizeof(char *),
>  						     GFP_KERNEL);
> +		if (!pctl->funcs[i].groups)
> +			return -ENOMEM;
>  		for (pin = 0; pin < npins; pin++)
>  			pctl->funcs[i].groups[pin] = pctl->desc->pins[pin].name;
>  	}

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] pinctrl: axp209: Fix NULL pointer dereference after allocation
  2019-03-12 15:19 [PATCH] pinctrl: axp209: Fix NULL pointer dereference after allocation Aditya Pakki
  2019-03-23 22:09 ` Aditya Pakki
@ 2019-04-05  3:36 ` Linus Walleij
  1 sibling, 0 replies; 6+ messages in thread
From: Linus Walleij @ 2019-04-05  3:36 UTC (permalink / raw)
  To: Aditya Pakki
  Cc: Kangjie Lu, Chen-Yu Tsai, open list:GPIO SUBSYSTEM, linux-kernel

On Tue, Mar 12, 2019 at 10:19 PM Aditya Pakki <pakki001@umn.edu> wrote:

> axp20x_build_funcs_groups allocates groups via devm_kcalloc and tries to
> dereference without checking for NULL. This patch avoids such a
> scenario.
>
> Signed-off-by: Aditya Pakki <pakki001@umn.edu>

Patch applied.

Yours,
Linus Walleij

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH] pinctrl: axp209: Fix NULL pointer dereference after allocation
@ 2018-08-06 16:06 Anton Vasilyev
  2018-08-08  9:13 ` Chen-Yu Tsai
  2018-08-10 21:13 ` Linus Walleij
  0 siblings, 2 replies; 6+ messages in thread
From: Anton Vasilyev @ 2018-08-06 16:06 UTC (permalink / raw)
  To: Linus Walleij
  Cc: Anton Vasilyev, Chen-Yu Tsai, linux-gpio, linux-kernel, ldv-project

There is no check that allocation in axp20x_funcs_groups_from_mask
is successful.
The patch adds corresponding check and return values.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
---
 drivers/pinctrl/pinctrl-axp209.c | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/drivers/pinctrl/pinctrl-axp209.c b/drivers/pinctrl/pinctrl-axp209.c
index a52779f33ad4..afd0b533c40a 100644
--- a/drivers/pinctrl/pinctrl-axp209.c
+++ b/drivers/pinctrl/pinctrl-axp209.c
@@ -316,7 +316,7 @@ static const struct pinctrl_ops axp20x_pctrl_ops = {
 	.get_group_pins		= axp20x_group_pins,
 };
 
-static void axp20x_funcs_groups_from_mask(struct device *dev, unsigned int mask,
+static int axp20x_funcs_groups_from_mask(struct device *dev, unsigned int mask,
 					  unsigned int mask_len,
 					  struct axp20x_pinctrl_function *func,
 					  const struct pinctrl_pin_desc *pins)
@@ -331,18 +331,22 @@ static void axp20x_funcs_groups_from_mask(struct device *dev, unsigned int mask,
 		func->groups = devm_kcalloc(dev,
 					    ngroups, sizeof(const char *),
 					    GFP_KERNEL);
+		if (!func->groups)
+			return -ENOMEM;
 		group = func->groups;
 		for_each_set_bit(bit, &mask_cpy, mask_len) {
 			*group = pins[bit].name;
 			group++;
 		}
 	}
+
+	return 0;
 }
 
-static void axp20x_build_funcs_groups(struct platform_device *pdev)
+static int axp20x_build_funcs_groups(struct platform_device *pdev)
 {
 	struct axp20x_pctl *pctl = platform_get_drvdata(pdev);
-	int i, pin, npins = pctl->desc->npins;
+	int i, ret, pin, npins = pctl->desc->npins;
 
 	pctl->funcs[AXP20X_FUNC_GPIO_OUT].name = "gpio_out";
 	pctl->funcs[AXP20X_FUNC_GPIO_OUT].muxval = AXP20X_MUX_GPIO_OUT;
@@ -366,13 +370,19 @@ static void axp20x_build_funcs_groups(struct platform_device *pdev)
 			pctl->funcs[i].groups[pin] = pctl->desc->pins[pin].name;
 	}
 
-	axp20x_funcs_groups_from_mask(&pdev->dev, pctl->desc->ldo_mask,
+	ret = axp20x_funcs_groups_from_mask(&pdev->dev, pctl->desc->ldo_mask,
 				      npins, &pctl->funcs[AXP20X_FUNC_LDO],
 				      pctl->desc->pins);
+	if (ret)
+		return ret;
 
-	axp20x_funcs_groups_from_mask(&pdev->dev, pctl->desc->adc_mask,
+	ret = axp20x_funcs_groups_from_mask(&pdev->dev, pctl->desc->adc_mask,
 				      npins, &pctl->funcs[AXP20X_FUNC_ADC],
 				      pctl->desc->pins);
+	if (ret)
+		return ret;
+
+	return 0;
 }
 
 static const struct of_device_id axp20x_pctl_match[] = {
@@ -424,7 +434,11 @@ static int axp20x_pctl_probe(struct platform_device *pdev)
 
 	platform_set_drvdata(pdev, pctl);
 
-	axp20x_build_funcs_groups(pdev);
+	ret = axp20x_build_funcs_groups(pdev);
+	if (ret) {
+		dev_err(&pdev->dev, "failed to build groups\n");
+		return ret;
+	}
 
 	pctrl_desc = devm_kzalloc(&pdev->dev, sizeof(*pctrl_desc), GFP_KERNEL);
 	if (!pctrl_desc)
-- 
2.18.0


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] pinctrl: axp209: Fix NULL pointer dereference after allocation
  2018-08-06 16:06 Anton Vasilyev
@ 2018-08-08  9:13 ` Chen-Yu Tsai
  2018-08-10 21:13 ` Linus Walleij
  1 sibling, 0 replies; 6+ messages in thread
From: Chen-Yu Tsai @ 2018-08-08  9:13 UTC (permalink / raw)
  To: Anton Vasilyev; +Cc: Linus Walleij, linux-gpio, linux-kernel, ldv-project

On Tue, Aug 7, 2018 at 12:06 AM, Anton Vasilyev <vasilyev@ispras.ru> wrote:
> There is no check that allocation in axp20x_funcs_groups_from_mask
> is successful.
> The patch adds corresponding check and return values.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>

Acked-by: Chen-Yu Tsai <wens@csie.org>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] pinctrl: axp209: Fix NULL pointer dereference after allocation
  2018-08-06 16:06 Anton Vasilyev
  2018-08-08  9:13 ` Chen-Yu Tsai
@ 2018-08-10 21:13 ` Linus Walleij
  1 sibling, 0 replies; 6+ messages in thread
From: Linus Walleij @ 2018-08-10 21:13 UTC (permalink / raw)
  To: vasilyev
  Cc: Chen-Yu Tsai, open list:GPIO SUBSYSTEM, linux-kernel, ldv-project

On Mon, Aug 6, 2018 at 6:07 PM Anton Vasilyev <vasilyev@ispras.ru> wrote:

> There is no check that allocation in axp20x_funcs_groups_from_mask
> is successful.
> The patch adds corresponding check and return values.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>

Patch applied with Chen-Yu's ACK.

Yours,
Linus Walleij

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2019-04-05  3:36 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-12 15:19 [PATCH] pinctrl: axp209: Fix NULL pointer dereference after allocation Aditya Pakki
2019-03-23 22:09 ` Aditya Pakki
2019-04-05  3:36 ` Linus Walleij
  -- strict thread matches above, loose matches on Subject: below --
2018-08-06 16:06 Anton Vasilyev
2018-08-08  9:13 ` Chen-Yu Tsai
2018-08-10 21:13 ` Linus Walleij

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).