Patchwork [07/59] i2c/i2c-pxa: Fix possible NULL pointer dereference

login
register
mail settings
Submitter Syam Sidhardhan
Date Feb. 24, 2013, 10:44 p.m.
Message ID <1361745852-28629-1-git-send-email-s.syam@samsung.com>
Download mbox | patch
Permalink /patch/222801/
State Not Applicable
Headers show

Comments

Syam Sidhardhan - Feb. 24, 2013, 10:44 p.m.
When platform_get_resource() returns NULL, there is a possible
NULL pointer dereference in release_mem_region(). Rearrange the
goto lables appropriately.

Signed-off-by: Syam Sidhardhan <s.syam@samsung.com>
---

Only compile tested.

 drivers/i2c/busses/i2c-pxa.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
Igor Grinberg - Feb. 25, 2013, 8:44 a.m.
On 02/25/13 00:44, Syam Sidhardhan wrote:
> When platform_get_resource() returns NULL, there is a possible
> NULL pointer dereference in release_mem_region(). Rearrange the
> goto lables appropriately.
> 
> Signed-off-by: Syam Sidhardhan <s.syam@samsung.com>

I think this has been already addressed in [1],
but I don't know if it was applied already...

[1] https://patchwork.kernel.org/patch/2141301/

> ---
> 
> Only compile tested.
> 
>  drivers/i2c/busses/i2c-pxa.c |   10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c
> index 1034d93..7ddda5c 100644
> --- a/drivers/i2c/busses/i2c-pxa.c
> +++ b/drivers/i2c/busses/i2c-pxa.c
> @@ -1104,18 +1104,18 @@ static int i2c_pxa_probe(struct platform_device *dev)
>  	if (ret > 0)
>  		ret = i2c_pxa_probe_pdata(dev, i2c, &i2c_type);
>  	if (ret < 0)
> -		goto eclk;
> +		goto emalloc;
>  
>  	res = platform_get_resource(dev, IORESOURCE_MEM, 0);
>  	irq = platform_get_irq(dev, 0);
>  	if (res == NULL || irq < 0) {
>  		ret = -ENODEV;
> -		goto eclk;
> +		goto emalloc;
>  	}
>  
>  	if (!request_mem_region(res->start, resource_size(res), res->name)) {
>  		ret = -ENOMEM;
> -		goto eclk;
> +		goto emalloc;
>  	}
>  
>  	i2c->adap.owner   = THIS_MODULE;
> @@ -1209,9 +1209,9 @@ ereqirq:
>  eremap:
>  	clk_put(i2c->clk);
>  eclk:
> -	kfree(i2c);
> -emalloc:
>  	release_mem_region(res->start, resource_size(res));
> +emalloc:
> +	kfree(i2c);
>  	return ret;
>  }
>  
>
Syam Sidhardhan - Feb. 25, 2013, 2:54 p.m.
Hi Igor,

On Mon, Feb 25, 2013 at 2:14 PM, Igor Grinberg <grinberg@compulab.co.il> wrote:
> On 02/25/13 00:44, Syam Sidhardhan wrote:
>> When platform_get_resource() returns NULL, there is a possible
>> NULL pointer dereference in release_mem_region(). Rearrange the
>> goto lables appropriately.
>>
>> Signed-off-by: Syam Sidhardhan <s.syam@samsung.com>
>
> I think this has been already addressed in [1],
> but I don't know if it was applied already...
>
> [1] https://patchwork.kernel.org/patch/2141301/
>
>> ---
>>
>> Only compile tested.
>>
>>  drivers/i2c/busses/i2c-pxa.c |   10 +++++-----
>>  1 file changed, 5 insertions(+), 5 deletions(-)
>>
>> diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c
>> index 1034d93..7ddda5c 100644
>> --- a/drivers/i2c/busses/i2c-pxa.c
>> +++ b/drivers/i2c/busses/i2c-pxa.c
>> @@ -1104,18 +1104,18 @@ static int i2c_pxa_probe(struct platform_device *dev)
>>       if (ret > 0)
>>               ret = i2c_pxa_probe_pdata(dev, i2c, &i2c_type);
>>       if (ret < 0)
>> -             goto eclk;
>> +             goto emalloc;
>>
>>       res = platform_get_resource(dev, IORESOURCE_MEM, 0);
>>       irq = platform_get_irq(dev, 0);
>>       if (res == NULL || irq < 0) {
>>               ret = -ENODEV;
>> -             goto eclk;
>> +             goto emalloc;
>>       }
>>
>>       if (!request_mem_region(res->start, resource_size(res), res->name)) {
>>               ret = -ENOMEM;
>> -             goto eclk;
>> +             goto emalloc;
>>       }
>>
>>       i2c->adap.owner   = THIS_MODULE;
>> @@ -1209,9 +1209,9 @@ ereqirq:
>>  eremap:
>>       clk_put(i2c->clk);
>>  eclk:
>> -     kfree(i2c);
>> -emalloc:
>>       release_mem_region(res->start, resource_size(res));
>> +emalloc:
>> +     kfree(i2c);
>>       return ret;
>>  }
>>

You are correct. It has been already posted by Cong Ding.
Kindly ignore this patch.

Thanks,
Syam
--
To unsubscribe from this list: send the line "unsubscribe linux-i2c" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c
index 1034d93..7ddda5c 100644
--- a/drivers/i2c/busses/i2c-pxa.c
+++ b/drivers/i2c/busses/i2c-pxa.c
@@ -1104,18 +1104,18 @@  static int i2c_pxa_probe(struct platform_device *dev)
 	if (ret > 0)
 		ret = i2c_pxa_probe_pdata(dev, i2c, &i2c_type);
 	if (ret < 0)
-		goto eclk;
+		goto emalloc;
 
 	res = platform_get_resource(dev, IORESOURCE_MEM, 0);
 	irq = platform_get_irq(dev, 0);
 	if (res == NULL || irq < 0) {
 		ret = -ENODEV;
-		goto eclk;
+		goto emalloc;
 	}
 
 	if (!request_mem_region(res->start, resource_size(res), res->name)) {
 		ret = -ENOMEM;
-		goto eclk;
+		goto emalloc;
 	}
 
 	i2c->adap.owner   = THIS_MODULE;
@@ -1209,9 +1209,9 @@  ereqirq:
 eremap:
 	clk_put(i2c->clk);
 eclk:
-	kfree(i2c);
-emalloc:
 	release_mem_region(res->start, resource_size(res));
+emalloc:
+	kfree(i2c);
 	return ret;
 }