| Message ID | 20211008063150.822066-1-yangyingliang@huawei.com (mailing list archive) |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
| Series | power: supply: max17040: fix null-ptr-deref in max17040_probe() | expand |
On 08/10/2021 08:31, Yang Yingliang wrote: > Add check the return value of devm_regmap_init_i2c(), otherwise > later access may cause null-ptr-deref as follows: > > KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367] > RIP: 0010:regmap_read+0x33/0x170 > Call Trace: > max17040_probe+0x61b/0xff0 [max17040_battery] > ? write_comp_data+0x2a/0x90 > ? max17040_set_property+0x1d0/0x1d0 [max17040_battery] > ? tracer_hardirqs_on+0x33/0x520 > ? __sanitizer_cov_trace_pc+0x1d/0x50 > ? _raw_spin_unlock_irqrestore+0x4b/0x60 > ? trace_hardirqs_on+0x63/0x2d0 > ? write_comp_data+0x2a/0x90 > ? __sanitizer_cov_trace_pc+0x1d/0x50 > ? max17040_set_property+0x1d0/0x1d0 [max17040_battery] > i2c_device_probe+0xa31/0xbe0 > > Fixes: 6455a8a84bdf ("power: supply: max17040: Use regmap i2c") > Reported-by: Hulk Robot <hulkci@huawei.com> > Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> > --- > drivers/power/supply/max17040_battery.c | 2 ++ > 1 file changed, 2 insertions(+) Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Best regards, Krzysztof
Hi, On Sat, Oct 09, 2021 at 07:18:30PM +0200, Krzysztof Kozlowski wrote: > On 08/10/2021 08:31, Yang Yingliang wrote: > > Add check the return value of devm_regmap_init_i2c(), otherwise > > later access may cause null-ptr-deref as follows: > > > > KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367] > > RIP: 0010:regmap_read+0x33/0x170 > > Call Trace: > > max17040_probe+0x61b/0xff0 [max17040_battery] > > ? write_comp_data+0x2a/0x90 > > ? max17040_set_property+0x1d0/0x1d0 [max17040_battery] > > ? tracer_hardirqs_on+0x33/0x520 > > ? __sanitizer_cov_trace_pc+0x1d/0x50 > > ? _raw_spin_unlock_irqrestore+0x4b/0x60 > > ? trace_hardirqs_on+0x63/0x2d0 > > ? write_comp_data+0x2a/0x90 > > ? __sanitizer_cov_trace_pc+0x1d/0x50 > > ? max17040_set_property+0x1d0/0x1d0 [max17040_battery] > > i2c_device_probe+0xa31/0xbe0 > > > > Fixes: 6455a8a84bdf ("power: supply: max17040: Use regmap i2c") > > Reported-by: Hulk Robot <hulkci@huawei.com> > > Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> > > --- > > drivers/power/supply/max17040_battery.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Thanks, queued. -- Sebastian
diff --git a/drivers/power/supply/max17040_battery.c b/drivers/power/supply/max17040_battery.c index 3cea92e28dc3..a9aef1e8b186 100644 --- a/drivers/power/supply/max17040_battery.c +++ b/drivers/power/supply/max17040_battery.c @@ -449,6 +449,8 @@ static int max17040_probe(struct i2c_client *client, chip->client = client; chip->regmap = devm_regmap_init_i2c(client, &max17040_regmap); + if (IS_ERR(chip->regmap)) + return PTR_ERR(chip->regmap); chip_id = (enum chip_id) id->driver_data; if (client->dev.of_node) { ret = max17040_get_of_data(chip);
Add check the return value of devm_regmap_init_i2c(), otherwise later access may cause null-ptr-deref as follows: KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367] RIP: 0010:regmap_read+0x33/0x170 Call Trace: max17040_probe+0x61b/0xff0 [max17040_battery] ? write_comp_data+0x2a/0x90 ? max17040_set_property+0x1d0/0x1d0 [max17040_battery] ? tracer_hardirqs_on+0x33/0x520 ? __sanitizer_cov_trace_pc+0x1d/0x50 ? _raw_spin_unlock_irqrestore+0x4b/0x60 ? trace_hardirqs_on+0x63/0x2d0 ? write_comp_data+0x2a/0x90 ? __sanitizer_cov_trace_pc+0x1d/0x50 ? max17040_set_property+0x1d0/0x1d0 [max17040_battery] i2c_device_probe+0xa31/0xbe0 Fixes: 6455a8a84bdf ("power: supply: max17040: Use regmap i2c") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- drivers/power/supply/max17040_battery.c | 2 ++ 1 file changed, 2 insertions(+)