mtd: nand: vf610_nfc: add NULL check on of_match_device() return value

Message ID 20170707065926.GA25776@embeddedgus
State Rejected
Delegated to: Boris Brezillon
Headers show

Commit Message

Gustavo A. R. Silva July 7, 2017, 6:59 a.m.
Check return value from call to of_match_device()
in order to prevent a NULL pointer dereference.

In case of NULL print error message and return -ENODEV

Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
 drivers/mtd/nand/vf610_nfc.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Boris Brezillon July 17, 2017, 8:46 p.m. | #1
Le Fri, 7 Jul 2017 01:59:26 -0500,
"Gustavo A. R. Silva" <garsilva@embeddedor.com> a écrit :

> Check return value from call to of_match_device()
> in order to prevent a NULL pointer dereference.
> 
> In case of NULL print error message and return -ENODEV
> 
> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
> ---
>  drivers/mtd/nand/vf610_nfc.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/mtd/nand/vf610_nfc.c b/drivers/mtd/nand/vf610_nfc.c
> index 744ab10..ca0ab96 100644
> --- a/drivers/mtd/nand/vf610_nfc.c
> +++ b/drivers/mtd/nand/vf610_nfc.c
> @@ -674,6 +674,11 @@ static int vf610_nfc_probe(struct platform_device *pdev)
>  	}
>  
>  	of_id = of_match_device(vf610_nfc_dt_ids, &pdev->dev);
> +	if (!of_id) {
> +		dev_err(&pdev->dev, "Failed to match device!\n");
> +		return -ENODEV;
> +	}
> +

While this check is functionally correct, this case cannot happen,
because this is DT-only driver, and without a valid match in
vf610_nfc_dt_ids the dev wouldn't have been probed in the first place.

I'll let Stefan decide whether he wants it or not, but I see no real
reason for this extra check. 

>  	nfc->variant = (enum vf610_nfc_variant)of_id->data;
>  
>  	for_each_available_child_of_node(nfc->dev->of_node, child) {
Marek Vasut July 17, 2017, 8:49 p.m. | #2
On 07/17/2017 10:46 PM, Boris Brezillon wrote:
> Le Fri, 7 Jul 2017 01:59:26 -0500,
> "Gustavo A. R. Silva" <garsilva@embeddedor.com> a écrit :
> 
>> Check return value from call to of_match_device()
>> in order to prevent a NULL pointer dereference.
>>
>> In case of NULL print error message and return -ENODEV
>>
>> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
>> ---
>>  drivers/mtd/nand/vf610_nfc.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/drivers/mtd/nand/vf610_nfc.c b/drivers/mtd/nand/vf610_nfc.c
>> index 744ab10..ca0ab96 100644
>> --- a/drivers/mtd/nand/vf610_nfc.c
>> +++ b/drivers/mtd/nand/vf610_nfc.c
>> @@ -674,6 +674,11 @@ static int vf610_nfc_probe(struct platform_device *pdev)
>>  	}
>>  
>>  	of_id = of_match_device(vf610_nfc_dt_ids, &pdev->dev);
>> +	if (!of_id) {
>> +		dev_err(&pdev->dev, "Failed to match device!\n");
>> +		return -ENODEV;
>> +	}
>> +
> 
> While this check is functionally correct, this case cannot happen,
> because this is DT-only driver, and without a valid match in
> vf610_nfc_dt_ids the dev wouldn't have been probed in the first place.
> 
> I'll let Stefan decide whether he wants it or not, but I see no real
> reason for this extra check. 

So how did you trigger the issue in the first place ?

Patch

diff --git a/drivers/mtd/nand/vf610_nfc.c b/drivers/mtd/nand/vf610_nfc.c
index 744ab10..ca0ab96 100644
--- a/drivers/mtd/nand/vf610_nfc.c
+++ b/drivers/mtd/nand/vf610_nfc.c
@@ -674,6 +674,11 @@  static int vf610_nfc_probe(struct platform_device *pdev)
 	}
 
 	of_id = of_match_device(vf610_nfc_dt_ids, &pdev->dev);
+	if (!of_id) {
+		dev_err(&pdev->dev, "Failed to match device!\n");
+		return -ENODEV;
+	}
+
 	nfc->variant = (enum vf610_nfc_variant)of_id->data;
 
 	for_each_available_child_of_node(nfc->dev->of_node, child) {