* [PATCH] char: tpm: fix potential null pointer dereference
@ 2017-05-30 22:05 Gustavo A. R. Silva
2017-05-30 22:21 ` Jason Gunthorpe
0 siblings, 1 reply; 4+ messages in thread
From: Gustavo A. R. Silva @ 2017-05-30 22:05 UTC (permalink / raw)
To: Peter Huewe, Marcel Selhorst, Jarkko Sakkinen, Jason Gunthorpe
Cc: tpmdd-devel, linux-kernel, Gustavo A. R. Silva
NULL check at line 376: if (!chip) {, implies chip might be NULL.
Function dev_get_drvdata() dereference pointer chip.
Move pointer tmp_dev assignment after the NULL check.
Addresses-Coverity-ID: 1397648
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
drivers/char/tpm/st33zp24/st33zp24.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/st33zp24/st33zp24.c b/drivers/char/tpm/st33zp24/st33zp24.c
index 4d1dc8b..f45e8c7 100644
--- a/drivers/char/tpm/st33zp24/st33zp24.c
+++ b/drivers/char/tpm/st33zp24/st33zp24.c
@@ -367,7 +367,7 @@ static irqreturn_t tpm_ioserirq_handler(int irq, void *dev_id)
static int st33zp24_send(struct tpm_chip *chip, unsigned char *buf,
size_t len)
{
- struct st33zp24_dev *tpm_dev = dev_get_drvdata(&chip->dev);
+ struct st33zp24_dev *tpm_dev;
u32 status, i, size, ordinal;
int burstcnt = 0;
int ret;
@@ -382,6 +382,7 @@ static int st33zp24_send(struct tpm_chip *chip, unsigned char *buf,
if (ret < 0)
return ret;
+ tpm_dev = dev_get_drvdata(&chip->dev);
status = st33zp24_status(chip);
if ((status & TPM_STS_COMMAND_READY) == 0) {
st33zp24_cancel(chip);
--
2.5.0
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH] char: tpm: fix potential null pointer dereference
2017-05-30 22:05 [PATCH] char: tpm: fix potential null pointer dereference Gustavo A. R. Silva
@ 2017-05-30 22:21 ` Jason Gunthorpe
2017-05-30 22:40 ` Gustavo A. R. Silva
0 siblings, 1 reply; 4+ messages in thread
From: Jason Gunthorpe @ 2017-05-30 22:21 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f,
linux-kernel-u79uwXL29TY76Z2rM5mHXA
On Tue, May 30, 2017 at 05:05:20PM -0500, Gustavo A. R. Silva wrote:
> NULL check at line 376: if (!chip) {, implies chip might be NULL.
> Function dev_get_drvdata() dereference pointer chip.
> Move pointer tmp_dev assignment after the NULL check.
chip cannot be null in st33zp24_send, please remove the bogus if
instead.
Jason
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] char: tpm: fix potential null pointer dereference
2017-05-30 22:21 ` Jason Gunthorpe
@ 2017-05-30 22:40 ` Gustavo A. R. Silva
2017-05-31 0:05 ` [PATCH] char: tpm: remove unnecessary code Gustavo A. R. Silva
0 siblings, 1 reply; 4+ messages in thread
From: Gustavo A. R. Silva @ 2017-05-30 22:40 UTC (permalink / raw)
To: Jason Gunthorpe
Cc: Peter Huewe, Marcel Selhorst, Jarkko Sakkinen, tpmdd-devel, linux-kernel
Hi Jason,
Quoting Jason Gunthorpe <jgunthorpe@obsidianresearch.com>:
> On Tue, May 30, 2017 at 05:05:20PM -0500, Gustavo A. R. Silva wrote:
>> NULL check at line 376: if (!chip) {, implies chip might be NULL.
>> Function dev_get_drvdata() dereference pointer chip.
>> Move pointer tmp_dev assignment after the NULL check.
>
> chip cannot be null in st33zp24_send, please remove the bogus if
> instead.
>
I get it.
Thanks for clarifying.
--
Gustavo A. R. Silva
^ permalink raw reply [flat|nested] 4+ messages in thread* [PATCH] char: tpm: remove unnecessary code
2017-05-30 22:40 ` Gustavo A. R. Silva
@ 2017-05-31 0:05 ` Gustavo A. R. Silva
0 siblings, 0 replies; 4+ messages in thread
From: Gustavo A. R. Silva @ 2017-05-31 0:05 UTC (permalink / raw)
To: Peter Huewe, Marcel Selhorst, Jarkko Sakkinen, Jason Gunthorpe
Cc: tpmdd-devel, linux-kernel, Gustavo A. R. Silva
Remove unnecessary code.
Pointer chip cannot be NULL in st33zp24_send().
Addresses-Coverity-ID: 1397648
Cc: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
drivers/char/tpm/st33zp24/st33zp24.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/char/tpm/st33zp24/st33zp24.c b/drivers/char/tpm/st33zp24/st33zp24.c
index 4d1dc8b..ca74c24 100644
--- a/drivers/char/tpm/st33zp24/st33zp24.c
+++ b/drivers/char/tpm/st33zp24/st33zp24.c
@@ -373,8 +373,6 @@ static int st33zp24_send(struct tpm_chip *chip, unsigned char *buf,
int ret;
u8 data;
- if (!chip)
- return -EBUSY;
if (len < TPM_HEADER_SIZE)
return -EBUSY;
--
2.5.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-05-31 0:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-30 22:05 [PATCH] char: tpm: fix potential null pointer dereference Gustavo A. R. Silva
2017-05-30 22:21 ` Jason Gunthorpe
2017-05-30 22:40 ` Gustavo A. R. Silva
2017-05-31 0:05 ` [PATCH] char: tpm: remove unnecessary code Gustavo A. R. Silva
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).