Message ID | 1471353486-11514-2-git-send-email-clabbe.montjoie@gmail.com |
---|---|
State | Deferred |
Hi, On Tue, Aug 16, 2016 at 03:18:06PM +0200, LABBE Corentin wrote: > of_match_device could return NULL, and so cause a NULL pointer > dereference later. > > For fixing this problem, we use of_device_get_match_data(), this will > simplify the code a little by using a standard function for > getting the match data. > > Reported-by: coverity (CID 1324139) > Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> > --- > drivers/pwm/pwm-sun4i.c | 5 +---- > 1 file changed, 1 insertion(+), 4 deletions(-) > > diff --git a/drivers/pwm/pwm-sun4i.c b/drivers/pwm/pwm-sun4i.c > index 03a99a5..72f0060 100644 > --- a/drivers/pwm/pwm-sun4i.c > +++ b/drivers/pwm/pwm-sun4i.c > @@ -309,9 +309,6 @@ static int sun4i_pwm_probe(struct platform_device *pdev) > struct resource *res; > u32 val; > int i, ret; > - const struct of_device_id *match; > - > - match = of_match_device(sun4i_pwm_dt_ids, &pdev->dev); > > pwm = devm_kzalloc(&pdev->dev, sizeof(*pwm), GFP_KERNEL); > if (!pwm) > @@ -326,7 +323,7 @@ static int sun4i_pwm_probe(struct platform_device *pdev) > if (IS_ERR(pwm->clk)) > return PTR_ERR(pwm->clk); > > - pwm->data = match->data; > + pwm->data = of_device_get_match_data(&pdev->dev); How does that fix anything? If of_match_data fails, it will return NULL, and the NULL pointer dereference will occur in the exact same cases. You should just check for match to be NULL, and return in this case. Maxime
On Mon, Aug 22, 2016 at 08:57:37AM +0200, Maxime Ripard wrote: > Hi, > > On Tue, Aug 16, 2016 at 03:18:06PM +0200, LABBE Corentin wrote: > > of_match_device could return NULL, and so cause a NULL pointer > > dereference later. > > > > For fixing this problem, we use of_device_get_match_data(), this will > > simplify the code a little by using a standard function for > > getting the match data. > > > > Reported-by: coverity (CID 1324139) > > Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> > > --- > > drivers/pwm/pwm-sun4i.c | 5 +---- > > 1 file changed, 1 insertion(+), 4 deletions(-) > > > > diff --git a/drivers/pwm/pwm-sun4i.c b/drivers/pwm/pwm-sun4i.c > > index 03a99a5..72f0060 100644 > > --- a/drivers/pwm/pwm-sun4i.c > > +++ b/drivers/pwm/pwm-sun4i.c > > @@ -309,9 +309,6 @@ static int sun4i_pwm_probe(struct platform_device *pdev) > > struct resource *res; > > u32 val; > > int i, ret; > > - const struct of_device_id *match; > > - > > - match = of_match_device(sun4i_pwm_dt_ids, &pdev->dev); > > > > pwm = devm_kzalloc(&pdev->dev, sizeof(*pwm), GFP_KERNEL); > > if (!pwm) > > @@ -326,7 +323,7 @@ static int sun4i_pwm_probe(struct platform_device *pdev) > > if (IS_ERR(pwm->clk)) > > return PTR_ERR(pwm->clk); > > > > - pwm->data = match->data; > > + pwm->data = of_device_get_match_data(&pdev->dev); > > How does that fix anything? > > If of_match_data fails, it will return NULL, and the NULL pointer > dereference will occur in the exact same cases. > > You should just check for match to be NULL, and return in this case. > > Maxime >

I apologize for not having seen this subsequent NULL deref. I will send an updated version soon.

Regards
diff --git a/drivers/pwm/pwm-sun4i.c b/drivers/pwm/pwm-sun4i.c index 03a99a5..72f0060 100644 --- a/drivers/pwm/pwm-sun4i.c +++ b/drivers/pwm/pwm-sun4i.c @@ -309,9 +309,6 @@ static int sun4i_pwm_probe(struct platform_device *pdev) struct resource *res; u32 val; int i, ret; - const struct of_device_id *match; - - match = of_match_device(sun4i_pwm_dt_ids, &pdev->dev); pwm = devm_kzalloc(&pdev->dev, sizeof(*pwm), GFP_KERNEL); if (!pwm) @@ -326,7 +323,7 @@ static int sun4i_pwm_probe(struct platform_device *pdev) if (IS_ERR(pwm->clk)) return PTR_ERR(pwm->clk); - pwm->data = match->data; + pwm->data = of_device_get_match_data(&pdev->dev); pwm->chip.dev = &pdev->dev; pwm->chip.ops = &sun4i_pwm_ops; pwm->chip.base = -1;
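Review bot: the changelog should state which match table is now consulted, because the first hunk (@@ -309,9 +309,6 @@) drops the only reference to sun4i_pwm_dt_ids visible in probe. of_device_get_match_data() resolves the table through the driver bound to the device, so the change is equivalent only if that driver's of_match_table is sun4i_pwm_dt_ids; one sentence saying so would make this checkable from the patch alone.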
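Review bot: missing NULL check in the second hunk (@@ -326,7 +323,7 @@), where the return value of of_device_get_match_data(&pdev->dev) is stored in pwm->data unchecked. The helper returns NULL when there is no match, so the failure case named in the commit message is moved from match->data to the first later dereference of pwm->data rather than handled. Add `if (!pwm->data) return -ENODEV;` directly after the assignment so probe fails cleanly.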
of_match_device could return NULL, and so cause a NULL pointer
dereference later.

For fixing this problem, we use of_device_get_match_data(), this will
simplify the code a little by using a standard function for
getting the match data.

Reported-by: coverity (CID 1324139)
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/pwm/pwm-sun4i.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)