Patchwork [v3] i2c: busses/i2c-pxa.c: fix potential null pointer dereference error

Submitter Cong Ding
Date Feb. 14, 2013, 11:28 a.m.
Message ID <20130214112818.GA18774@gmail.com>
Permalink /patch/220416/
State Changes Requested

Comments

Cong Ding - Feb. 14, 2013, 11:28 a.m.
If it goes to eclk through line 1107, the variable res would be NULL. It will
cause a null pointer dereference error if we call release_mem_region. The
correct way should be using devm_kzalloc rather than kzalloc to allocate
memory.

Signed-off-by: Cong Ding <dinggnu@gmail.com>
---
 drivers/i2c/busses/i2c-pxa.c |   22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)
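
The failure described in the message above, modelled in user space as an added example (not code from the patch or from the driver): an early failure jumps to a shared error label that releases a region whose pointer is still NULL, next to an ordered unwind that skips that release. All names (`probe`, `release_region`, `struct outcome`, `fail_at`) are hypothetical, and the NULL release is counted instead of dereferenced so the model can report it.

```c
/* Constructed user-space model; every name here is hypothetical. */
#include <errno.h>
#include <stdlib.h>

struct region { int claimed; };            /* stand-in for struct resource */
struct outcome { int ret, live_allocs, claimed, null_release; };

static struct outcome st;                  /* bookkeeping for one probe run */
static struct region the_region;
static void *bound_state;                  /* owned by the device on success */

static void release_region(struct region *r)
{
    if (!r) { st.null_release++; return; } /* the kernel would oops here */
    r->claimed = 0;
    st.claimed--;
}

/* fail_at: 0 = success, 1 = config parse fails, 2 = a later step fails.
 * ordered_unwind = 0 reproduces the single shared error label. */
static struct outcome probe(int fail_at, int ordered_unwind)
{
    struct region *res = NULL;
    void *state = calloc(1, 64);

    st = (struct outcome){0};
    if (!state) { st.ret = -ENOMEM; return st; }
    st.live_allocs++;
    if (fail_at == 1) {                    /* res is still NULL at this point */
        st.ret = -EINVAL;
        if (ordered_unwind)
            goto err_free;                 /* nothing claimed, skip the release */
        goto err_release;
    }
    res = &the_region;
    res->claimed = 1;
    st.claimed++;
    if (fail_at == 2) { st.ret = -EIO; goto err_release; }
    bound_state = state;
    return st;

err_release:
    release_region(res);
err_free:
    free(state);
    st.live_allocs--;
    return st;
}
```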
Haojian Zhuang - Feb. 14, 2013, 4:10 p.m.
On Thu, Feb 14, 2013 at 7:28 PM, Cong Ding <dinggnu@gmail.com> wrote:
> If it goes to eclk through line 1107, the variable res would be NULL. It will
> cause a null pointer dereference error if we call release_mem_region. The
> correct way should be using devm_kzalloc rather than kzalloc to allocate
> memory.
>
> Signed-off-by: Cong Ding <dinggnu@gmail.com>
> ---
>  drivers/i2c/busses/i2c-pxa.c |   22 ++++++++--------------
>  1 file changed, 8 insertions(+), 14 deletions(-)
>
> diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c
> index 1034d93..dd2d640 100644
> --- a/drivers/i2c/busses/i2c-pxa.c
> +++ b/drivers/i2c/busses/i2c-pxa.c
> @@ -1094,29 +1094,23 @@ static int i2c_pxa_probe(struct platform_device *dev)
>         struct resource *res = NULL;
>         int ret, irq;
>
> -       i2c = kzalloc(sizeof(struct pxa_i2c), GFP_KERNEL);
> -       if (!i2c) {
> -               ret = -ENOMEM;
> -               goto emalloc;
> -       }
> +       i2c = devm_kzalloc(sizeof(struct pxa_i2c), GFP_KERNEL);
> +       if (!i2c)
> +               return -ENOMEM;
>
>         ret = i2c_pxa_probe_dt(dev, i2c, &i2c_type);
>         if (ret > 0)
>                 ret = i2c_pxa_probe_pdata(dev, i2c, &i2c_type);
>         if (ret < 0)
> -               goto eclk;
> +               return ret;
>
>         res = platform_get_resource(dev, IORESOURCE_MEM, 0);
>         irq = platform_get_irq(dev, 0);
> -       if (res == NULL || irq < 0) {
> -               ret = -ENODEV;
> -               goto eclk;
> -       }
> +       if (res == NULL || irq < 0)
> +               return -ENODEV;
>
> -       if (!request_mem_region(res->start, resource_size(res), res->name)) {
> -               ret = -ENOMEM;
> -               goto eclk;
> -       }
> +       if (!request_mem_region(res->start, resource_size(res), res->name))
> +               return -ENOMEM;
>
>         i2c->adap.owner   = THIS_MODULE;
>         i2c->adap.retries = 5;
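
Review bot: In the last changed block, `request_mem_region()` stays unmanaged while the allocation above it becomes managed, so every failure after this point still has to call `release_mem_region()` by hand, which is the cleanup the commit message identifies as the crash site. Consider `devm_request_mem_region(&dev->dev, res->start, resource_size(res), res->name)` here, so the region is released automatically when probe fails and the remaining error labels no longer need to touch `res`.
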
> --
> 1.7.9.5
>

Acked-by: Haojian Zhuang <haojian.zhuang@gmail.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-i2c" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Wolfram Sang - March 21, 2013, 10:54 a.m.
On Thu, Feb 14, 2013 at 12:28:18PM +0100, Cong Ding wrote:
> If it goes to eclk through line 1107, the variable res would be NULL. It will
> cause a null pointer dereference error if we call release_mem_region. The
> correct way should be using devm_kzalloc rather than kzalloc to allocate
> memory.
> 
> Signed-off-by: Cong Ding <dinggnu@gmail.com>
> ---
>  drivers/i2c/busses/i2c-pxa.c |   22 ++++++++--------------
>  1 file changed, 8 insertions(+), 14 deletions(-)
> 
> diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c
> index 1034d93..dd2d640 100644
> --- a/drivers/i2c/busses/i2c-pxa.c
> +++ b/drivers/i2c/busses/i2c-pxa.c
> @@ -1094,29 +1094,23 @@ static int i2c_pxa_probe(struct platform_device *dev)
>  	struct resource *res = NULL;
>  	int ret, irq;
>  
> -	i2c = kzalloc(sizeof(struct pxa_i2c), GFP_KERNEL);
> -	if (!i2c) {
> -		ret = -ENOMEM;
> -		goto emalloc;
> -	}
> +	i2c = devm_kzalloc(sizeof(struct pxa_i2c), GFP_KERNEL);
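
Review bot: The added `devm_kzalloc()` call passes only a size and GFP flags, but the function takes the owning `struct device *` as its first argument, so this line does not compile as posted. It should read `devm_kzalloc(&dev->dev, sizeof(struct pxa_i2c), GFP_KERNEL)`; using `sizeof(*i2c)` would also keep the size tied to the variable.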

You are using devm_kzalloc here but plain kfree is used later. This
won't work.


Patch

diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c
index 1034d93..dd2d640 100644
--- a/drivers/i2c/busses/i2c-pxa.c
+++ b/drivers/i2c/busses/i2c-pxa.c
@@ -1094,29 +1094,23 @@  static int i2c_pxa_probe(struct platform_device *dev)
 	struct resource *res = NULL;
 	int ret, irq;
 
-	i2c = kzalloc(sizeof(struct pxa_i2c), GFP_KERNEL);
-	if (!i2c) {
-		ret = -ENOMEM;
-		goto emalloc;
-	}
+	i2c = devm_kzalloc(sizeof(struct pxa_i2c), GFP_KERNEL);
+	if (!i2c)
+		return -ENOMEM;
 
 	ret = i2c_pxa_probe_dt(dev, i2c, &i2c_type);
 	if (ret > 0)
 		ret = i2c_pxa_probe_pdata(dev, i2c, &i2c_type);
 	if (ret < 0)
-		goto eclk;
+		return ret;
 
 	res = platform_get_resource(dev, IORESOURCE_MEM, 0);
 	irq = platform_get_irq(dev, 0);
-	if (res == NULL || irq < 0) {
-		ret = -ENODEV;
-		goto eclk;
-	}
+	if (res == NULL || irq < 0)
+		return -ENODEV;
 
-	if (!request_mem_region(res->start, resource_size(res), res->name)) {
-		ret = -ENOMEM;
-		goto eclk;
-	}
+	if (!request_mem_region(res->start, resource_size(res), res->name))
+		return -ENOMEM;
 
 	i2c->adap.owner   = THIS_MODULE;
 	i2c->adap.retries = 5;
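
Review bot: Every `goto emalloc` and `goto eclk` in this hunk is replaced by a direct return, yet the diffstat (8 insertions, 14 deletions) is fully accounted for by these lines, so the labels and the cleanup under them are left as they were. Failures later in the probe function that still unwind through them will run the plain `kfree` noted in review on a devm-managed buffer, and if nothing jumps there any more the labels are dead code. Remove the `kfree` and any label that loses its last user in the same patch, and describe the failing path in the commit message by its condition rather than by "line 1107", which will not match other trees.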