can: Fix possible NULL pointer dereference in ems_usb.c

Message ID	20100421101805.GA1995@bluebox.local
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Date: Wed, 21 Apr 2010 12:18:06 +0200 From: "Hans J. Koch" <hjk@linutronix.de> To: David Miller <davem@davemloft.net> Cc: wg@grandegger.com, hjk@linutronix.de, netdev@vger.kernel.org, socketcan-core@lists.berlios.de Subject: Re: [PATCH] can: Fix possible NULL pointer dereference in ems_usb.c Message-ID: <20100421101805.GA1995@bluebox.local> References: <20100420135538.GA1994@bluebox.local> <4BCE04D9.2030601@grandegger.com> <20100420.180501.08643239.davem@davemloft.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20100420.180501.08643239.davem@davemloft.net> User-Agent: Mutt/1.5.20 (2009-06-14) Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

20100421101805.GA1995@bluebox.local

State

Accepted, archived

Delegated to:

David Miller

Headers

Date: Wed, 21 Apr 2010 12:18:06 +0200
From: "Hans J. Koch" <hjk@linutronix.de>
To: David Miller <davem@davemloft.net>
Cc: wg@grandegger.com, hjk@linutronix.de, netdev@vger.kernel.org,
	socketcan-core@lists.berlios.de
Subject: Re: [PATCH] can: Fix possible NULL pointer dereference in ems_usb.c
Message-ID: <20100421101805.GA1995@bluebox.local>
References: <20100420135538.GA1994@bluebox.local>
	<4BCE04D9.2030601@grandegger.com>
	<20100420.180501.08643239.davem@davemloft.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20100420.180501.08643239.davem@davemloft.net>
User-Agent: Mutt/1.5.20 (2009-06-14)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Hans J. Koch April 21, 2010, 10:18 a.m. UTC

On Tue, Apr 20, 2010 at 06:05:01PM -0700, David Miller wrote:
> From: Wolfgang Grandegger <wg@grandegger.com>
> > I think "dev_err(&intf->dev, ...)" should be used before
> > SET_NETDEV_DEV(netdev, &intf->dev) is called. I see two "dev_err()"
> > calls which need to be fixed.
> 
> Agreed.

Then it should probably look like this:


From: "Hans J. Koch" <hjk@linutronix.de>
To: netdev@vger.kernel.org
Cc: socketcan-core@lists.berlios.de,
	Sebastian Haas <haas@ems-wuensche.com>
Subject: [PATCH] can: Fix possible NULL pointer dereference in ems_usb.c

In ems_usb_probe(), a pointer is dereferenced after making sure it is NULL...

This patch replaces netdev->dev.parent with &intf->dev in dev_err() calls to
avoid this.

Signed-off-by: "Hans J. Koch" <hjk@linutronix.de>
---
 drivers/net/can/usb/ems_usb.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Wolfgang Grandegger April 21, 2010, 10:27 a.m. UTC | #1

Hans J. Koch wrote:
> On Tue, Apr 20, 2010 at 06:05:01PM -0700, David Miller wrote:
>> From: Wolfgang Grandegger <wg@grandegger.com>
>>> I think "dev_err(&intf->dev, ...)" should be used before
>>> SET_NETDEV_DEV(netdev, &intf->dev) is called. I see two "dev_err()"
>>> calls which need to be fixed.
>> Agreed.
> 
> Then it should probably look like this:

There are even more dev_err's to be fixed...

> From: "Hans J. Koch" <hjk@linutronix.de>
> To: netdev@vger.kernel.org
> Cc: socketcan-core@lists.berlios.de,
> 	Sebastian Haas <haas@ems-wuensche.com>
> Subject: [PATCH] can: Fix possible NULL pointer dereference in ems_usb.c
> 
> In ems_usb_probe(), a pointer is dereferenced after making sure it is NULL...
> 
> This patch replaces netdev->dev.parent with &intf->dev in dev_err() calls to
> avoid this.
> 
> Signed-off-by: "Hans J. Koch" <hjk@linutronix.de>
> ---
>  drivers/net/can/usb/ems_usb.c |    8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> Index: net-next-2.6/drivers/net/can/usb/ems_usb.c
> ===================================================================
> --- net-next-2.6.orig/drivers/net/can/usb/ems_usb.c	2010-04-13 11:27:33.000000000 +0200
> +++ net-next-2.6/drivers/net/can/usb/ems_usb.c	2010-04-21 11:59:04.000000000 +0200
> @@ -1006,7 +1006,7 @@
>  
>  	netdev = alloc_candev(sizeof(struct ems_usb), MAX_TX_URBS);
>  	if (!netdev) {
> -		dev_err(netdev->dev.parent, "Couldn't alloc candev\n");
> +		dev_err(&intf->dev, "ems_usb: Couldn't alloc candev\n");
>  		return -ENOMEM;
>  	}
>  
> @@ -1036,20 +1036,20 @@
>  
>  	dev->intr_urb = usb_alloc_urb(0, GFP_KERNEL);
>  	if (!dev->intr_urb) {
> -		dev_err(netdev->dev.parent, "Couldn't alloc intr URB\n");
> +		dev_err(&intf->dev, "Couldn't alloc intr URB\n");
>  		goto cleanup_candev;
>  	}
>  
>  	dev->intr_in_buffer = kzalloc(INTR_IN_BUFFER_SIZE, GFP_KERNEL);
>  	if (!dev->intr_in_buffer) {
> -		dev_err(netdev->dev.parent, "Couldn't alloc Intr buffer\n");
> +		dev_err(&intf->dev, "Couldn't alloc Intr buffer\n");
>  		goto cleanup_intr_urb;
>  	}
>  
>  	dev->tx_msg_buffer = kzalloc(CPC_HEADER_SIZE +
>  				     sizeof(struct ems_cpc_msg), GFP_KERNEL);
>  	if (!dev->tx_msg_buffer) {
> -		dev_err(netdev->dev.parent, "Couldn't alloc Tx buffer\n");
> +		dev_err(&intf->dev, "Couldn't alloc Tx buffer\n");
>  		goto cleanup_intr_in_buffer;
>  	}

Acked-by: Wolfgang Grandegger <wg@grandegger.com>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

David Miller April 21, 2010, 11:15 p.m. UTC | #2

From: Wolfgang Grandegger <wg@grandegger.com>
Date: Wed, 21 Apr 2010 12:27:50 +0200

>> Subject: [PATCH] can: Fix possible NULL pointer dereference in ems_usb.c
>> 
>> In ems_usb_probe(), a pointer is dereferenced after making sure it is NULL...
>> 
>> This patch replaces netdev->dev.parent with &intf->dev in dev_err() calls to
>> avoid this.
>> 
>> Signed-off-by: "Hans J. Koch" <hjk@linutronix.de>
 ...
> Acked-by: Wolfgang Grandegger <wg@grandegger.com>

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Index: net-next-2.6/drivers/net/can/usb/ems_usb.c
===================================================================
--- net-next-2.6.orig/drivers/net/can/usb/ems_usb.c	2010-04-13 11:27:33.000000000 +0200
+++ net-next-2.6/drivers/net/can/usb/ems_usb.c	2010-04-21 11:59:04.000000000 +0200
@@ -1006,7 +1006,7 @@ 
 
 	netdev = alloc_candev(sizeof(struct ems_usb), MAX_TX_URBS);
 	if (!netdev) {
-		dev_err(netdev->dev.parent, "Couldn't alloc candev\n");
+		dev_err(&intf->dev, "ems_usb: Couldn't alloc candev\n");
 		return -ENOMEM;
 	}
 
@@ -1036,20 +1036,20 @@ 
 
 	dev->intr_urb = usb_alloc_urb(0, GFP_KERNEL);
 	if (!dev->intr_urb) {
-		dev_err(netdev->dev.parent, "Couldn't alloc intr URB\n");
+		dev_err(&intf->dev, "Couldn't alloc intr URB\n");
 		goto cleanup_candev;
 	}
 
 	dev->intr_in_buffer = kzalloc(INTR_IN_BUFFER_SIZE, GFP_KERNEL);
 	if (!dev->intr_in_buffer) {
-		dev_err(netdev->dev.parent, "Couldn't alloc Intr buffer\n");
+		dev_err(&intf->dev, "Couldn't alloc Intr buffer\n");
 		goto cleanup_intr_urb;
 	}
 
 	dev->tx_msg_buffer = kzalloc(CPC_HEADER_SIZE +
 				     sizeof(struct ems_cpc_msg), GFP_KERNEL);
 	if (!dev->tx_msg_buffer) {
-		dev_err(netdev->dev.parent, "Couldn't alloc Tx buffer\n");
+		dev_err(&intf->dev, "Couldn't alloc Tx buffer\n");
 		goto cleanup_intr_in_buffer;
 	}

can: Fix possible NULL pointer dereference in ems_usb.c

Commit Message

Comments

Patch