| Message ID | 200912211923.58735.strakh@ispras.ru |
|---|---|
| State | Changes Requested, archived |
| Delegated to: | David Miller |
| Headers | show |
Alexander Strakh wrote: > In driver drivers/net/3c507.c in function Iirqreturn_t el16_interrupt: > 1. If in line 555 dev = NULL then we goto line 556 > 2. In line 556 we have null dereference because pr_err called with dev->name > in third parameter. > 555 if (dev == NULL) { > 556 pr_err("%s: net_interrupt(): irq %d for unknown device. > \n", > 557 dev->name, irq); > 558 return IRQ_NONE; > 559 } > > Found by Linux Device Drivers Verification (Svace detector) > > Remove unused NULL pointer check. You are obviously doing more than that ... > > Signed-off-by: Alexander Strakh <strakh@ispras.ru> > > --- > diff --git a/./0000/drivers/net/3c507.c b/./moder/drivers/net/3c507.c > index fbc2311..3bfb3dd 100644 > --- a/./0000/drivers/net/3c507.c > +++ b/./moder/drivers/net/3c507.c > @@ -552,12 +552,6 @@ static irqreturn_t el16_interrupt(int irq, void *dev_id) > ushort ack_cmd = 0; > void __iomem *shmem; > > - if (dev == NULL) { > - pr_err("%s: net_interrupt(): irq %d for unknown device.\n", > - dev->name, irq); You are changing real funcionality here! If you want to fix it, fix the pr_err() but do not remove the "return IRQ_NONE" entirely. This looks like an introduction of a bug. Regards, Oliver > - return IRQ_NONE; > - } > - -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, 21 Dec 2009 17:56:39 +0100 Oliver Hartkopp <socketcan@hartkopp.net> wrote: > Alexander Strakh wrote: > > In driver drivers/net/3c507.c in function Iirqreturn_t el16_interrupt: > > 1. If in line 555 dev = NULL then we goto line 556 > > 2. In line 556 we have null dereference because pr_err called with dev->name > > in third parameter. > > 555 if (dev == NULL) { > > 556 pr_err("%s: net_interrupt(): irq %d for unknown device. > > \n", > > 557 dev->name, irq); > > 558 return IRQ_NONE; > > 559 } > > > > Found by Linux Device Drivers Verification (Svace detector) > > > > Remove unused NULL pointer check. > > You are obviously doing more than that ... > > > > > Signed-off-by: Alexander Strakh <strakh@ispras.ru> > > > > --- > > diff --git a/./0000/drivers/net/3c507.c b/./moder/drivers/net/3c507.c > > index fbc2311..3bfb3dd 100644 > > --- a/./0000/drivers/net/3c507.c > > +++ b/./moder/drivers/net/3c507.c > > @@ -552,12 +552,6 @@ static irqreturn_t el16_interrupt(int irq, void *dev_id) > > ushort ack_cmd = 0; > > void __iomem *shmem; > > > > - if (dev == NULL) { > > - pr_err("%s: net_interrupt(): irq %d for unknown device.\n", > > - dev->name, irq); > > You are changing real funcionality here! > > If you want to fix it, fix the pr_err() but do not remove the "return > IRQ_NONE" entirely. > > This looks like an introduction of a bug. > > Regards, > Oliver > > > > - return IRQ_NONE; > > - } > > - Interrupts will never be called with third parameter of NULL. It is really bogus impossible to reach code.
Stephen Hemminger wrote: > On Mon, 21 Dec 2009 17:56:39 +0100 > Oliver Hartkopp <socketcan@hartkopp.net> wrote: > >> Alexander Strakh wrote: >>> In driver drivers/net/3c507.c in function Iirqreturn_t el16_interrupt: >>> 1. If in line 555 dev = NULL then we goto line 556 >>> 2. In line 556 we have null dereference because pr_err called with dev->name >>> in third parameter. >>> 555 if (dev == NULL) { >>> 556 pr_err("%s: net_interrupt(): irq %d for unknown device. >>> \n", >>> 557 dev->name, irq); >>> 558 return IRQ_NONE; >>> 559 } >>> >>> Found by Linux Device Drivers Verification (Svace detector) >>> >>> Remove unused NULL pointer check. > > Interrupts will never be called with third parameter of NULL. It is really > bogus impossible to reach code. > You're right! I just did not verify the direct assignment of dev = dev_id ... Btw. the description for the reason of this patch remains unsuitably as the problem is not the potential dereferencing of dev->name in pr_err() here. It should better be something like this (partly stolen from your answer): Interrupts will never be called with dev_id parameter of NULL. This patch removes the obsolete, unreachable code. Regards, Oliver -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/./0000/drivers/net/3c507.c b/./moder/drivers/net/3c507.c index fbc2311..3bfb3dd 100644 --- a/./0000/drivers/net/3c507.c +++ b/./moder/drivers/net/3c507.c @@ -552,12 +552,6 @@ static irqreturn_t el16_interrupt(int irq, void *dev_id) ushort ack_cmd = 0; void __iomem *shmem; - if (dev == NULL) { - pr_err("%s: net_interrupt(): irq %d for unknown device.\n", - dev->name, irq); - return IRQ_NONE; - } - ioaddr = dev->base_addr; lp = netdev_priv(dev); shmem = lp->base;
In driver drivers/net/3c507.c in function Iirqreturn_t el16_interrupt: 1. If in line 555 dev = NULL then we goto line 556 2. In line 556 we have null dereference because pr_err called with dev->name in third parameter. 555 if (dev == NULL) { 556 pr_err("%s: net_interrupt(): irq %d for unknown device. \n", 557 dev->name, irq); 558 return IRQ_NONE; 559 } Found by Linux Device Drivers Verification (Svace detector) Remove unused NULL pointer check. Signed-off-by: Alexander Strakh <strakh@ispras.ru> --- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html