| Message ID | 1531312461-134547-1-git-send-email-weiyongjun1@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 7/11/2018 5:34 AM, Wei Yongjun wrote: > platform_get_resource() may fail and return NULL, so we should > better check it's return value to avoid a NULL pointer dereference > a bit later in the code. > > This is detected by Coccinelle semantic patch. > > @@ > expression pdev, res, n, t, e, e1, e2; > @@ > > res = platform_get_resource(pdev, t, n); > + if (!res) > + return -EINVAL; > ... when != res == NULL > e = devm_ioremap_nocache(e1, res->start, e2); > > Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> > --- Reviewed-by: Ray Jui <ray.jui@broadcom.com> Change looks good to me, although the check could have been avoided if 'devm_ioremap_resource' is used on the next line instead of 'devm_ioremap_nocache', where validation of resource pointer is done. But there's probably a reason why 'devm_ioremap_nocache' was used in this code here. > drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c > index 5cd8166..87618a4 100644 > --- a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c > +++ b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c > @@ -577,6 +577,8 @@ static int nsp_pinmux_probe(struct platform_device *pdev) > return PTR_ERR(pinctrl->base0); > > res = platform_get_resource(pdev, IORESOURCE_MEM, 1); > + if (!res) > + return -EINVAL; > pinctrl->base1 = devm_ioremap_nocache(&pdev->dev, res->start, > resource_size(res)); > if (!pinctrl->base1) { >
On 7/11/2018 9:48 AM, Ray Jui wrote: > > > On 7/11/2018 5:34 AM, Wei Yongjun wrote: >> platform_get_resource() may fail and return NULL, so we should >> better check it's return value to avoid a NULL pointer dereference >> a bit later in the code. >> >> This is detected by Coccinelle semantic patch. >> >> @@ >> expression pdev, res, n, t, e, e1, e2; >> @@ >> >> res = platform_get_resource(pdev, t, n); >> + if (!res) >> + return -EINVAL; >> ... when != res == NULL >> e = devm_ioremap_nocache(e1, res->start, e2); I forgot to mention this in my previous reply. Given that this is a fix for a potential NULL pointer dereference and then a kernel crash in the case when 'platform_get_resource' returns NULL, can you please add the Fixes tag so this fix is picked by all LTS kernels under maintenance? Thanks, Ray >> >> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> >> --- > > Reviewed-by: Ray Jui <ray.jui@broadcom.com> > > Change looks good to me, although the check could have been avoided if > 'devm_ioremap_resource' is used on the next line instead of > 'devm_ioremap_nocache', where validation of resource pointer is done. > > But there's probably a reason why 'devm_ioremap_nocache' was used in > this code here. > >> drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c >> b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c >> index 5cd8166..87618a4 100644 >> --- a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c >> +++ b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c >> @@ -577,6 +577,8 @@ static int nsp_pinmux_probe(struct platform_device >> *pdev) >> return PTR_ERR(pinctrl->base0); >> res = platform_get_resource(pdev, IORESOURCE_MEM, 1); >> + if (!res) >> + return -EINVAL; >> pinctrl->base1 = devm_ioremap_nocache(&pdev->dev, res->start, >> resource_size(res)); >> if (!pinctrl->base1) { >>
On 11/07/18 17:48, Ray Jui wrote: > > > On 7/11/2018 5:34 AM, Wei Yongjun wrote: >> platform_get_resource() may fail and return NULL, so we should >> better check it's return value to avoid a NULL pointer dereference >> a bit later in the code. >> >> This is detected by Coccinelle semantic patch. >> >> @@ >> expression pdev, res, n, t, e, e1, e2; >> @@ >> >> res = platform_get_resource(pdev, t, n); >> + if (!res) >> + return -EINVAL; >> ... when != res == NULL >> e = devm_ioremap_nocache(e1, res->start, e2); >> >> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> >> --- > > Reviewed-by: Ray Jui <ray.jui@broadcom.com> > > Change looks good to me, although the check could have been avoided if > 'devm_ioremap_resource' is used on the next line instead of > 'devm_ioremap_nocache', where validation of resource pointer is done. > > But there's probably a reason why 'devm_ioremap_nocache' was used in > this code here. > I am not sure about that. Both ARM and ARM64 has same definition as ioremp. However, arch/arm/include/asm/io.h do mention: "ioremap_nocache() is the same as ioremap() as there are too many device drivers using this for device registers, and documentation which tells people to use it for such for this to be any different." You could technically use devm_ioremap_resource if you want.
On 7/11/2018 10:01 AM, Sudeep Holla wrote: > > > On 11/07/18 17:48, Ray Jui wrote: >> >> >> On 7/11/2018 5:34 AM, Wei Yongjun wrote: >>> platform_get_resource() may fail and return NULL, so we should >>> better check it's return value to avoid a NULL pointer dereference >>> a bit later in the code. >>> >>> This is detected by Coccinelle semantic patch. >>> >>> @@ >>> expression pdev, res, n, t, e, e1, e2; >>> @@ >>> >>> res = platform_get_resource(pdev, t, n); >>> + if (!res) >>> + return -EINVAL; >>> ... when != res == NULL >>> e = devm_ioremap_nocache(e1, res->start, e2); >>> >>> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> >>> --- >> >> Reviewed-by: Ray Jui <ray.jui@broadcom.com> >> >> Change looks good to me, although the check could have been avoided if >> 'devm_ioremap_resource' is used on the next line instead of >> 'devm_ioremap_nocache', where validation of resource pointer is done. >> >> But there's probably a reason why 'devm_ioremap_nocache' was used in >> this code here. >> > > I am not sure about that. Both ARM and ARM64 has same definition as > ioremp. However, arch/arm/include/asm/io.h do mention: > "ioremap_nocache() is the same as ioremap() as there are too many device > > drivers using this for device registers, and documentation which tells > > people to use it for such for this to be any different." > > You could technically use devm_ioremap_resource if you want. > I did not mean the difference on _nocache, which I'm aware it's the same on ARM/ARM64 based platforms. I meant there's a reason why xxx_resource was not used, which is most likely due to some resource conflict with another driver on NSP. Ray
On 11/07/18 18:11, Ray Jui wrote: > > [...] > > I meant there's a reason why xxx_resource was not used, which is most > likely due to some resource conflict with another driver on NSP. > Ah OK, sorry for the noise then.
On 7/11/2018 10:14 AM, Sudeep Holla wrote: > > > On 11/07/18 18:11, Ray Jui wrote: >> >> > > [...] > >> >> I meant there's a reason why xxx_resource was not used, which is most >> likely due to some resource conflict with another driver on NSP. >> > > Ah OK, sorry for the noise then. > Not a noise at all. Helpful discussion. Thanks! Ray
On Wed, Jul 11, 2018 at 2:25 PM Wei Yongjun <weiyongjun1@huawei.com> wrote: > platform_get_resource() may fail and return NULL, so we should > better check it's return value to avoid a NULL pointer dereference > a bit later in the code. > > This is detected by Coccinelle semantic patch. > > @@ > expression pdev, res, n, t, e, e1, e2; > @@ > > res = platform_get_resource(pdev, t, n); > + if (!res) > + return -EINVAL; > ... when != res == NULL > e = devm_ioremap_nocache(e1, res->start, e2); > > Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Patch applied with Ray's ACK. Yours, Linus Walleij
Hi Linus, On 7/13/2018 12:46 AM, Linus Walleij wrote: > On Wed, Jul 11, 2018 at 2:25 PM Wei Yongjun <weiyongjun1@huawei.com> wrote: > >> platform_get_resource() may fail and return NULL, so we should >> better check it's return value to avoid a NULL pointer dereference >> a bit later in the code. >> >> This is detected by Coccinelle semantic patch. >> >> @@ >> expression pdev, res, n, t, e, e1, e2; >> @@ >> >> res = platform_get_resource(pdev, t, n); >> + if (!res) >> + return -EINVAL; >> ... when != res == NULL >> e = devm_ioremap_nocache(e1, res->start, e2); >> >> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> > > Patch applied with Ray's ACK. Would be nice to add the following Fixes tag: Fixes: cc4fa83f66e9 ("pinctrl: nsp: add pinmux driver support for Broadcom NSP SoC") Thanks, Ray > > Yours, > Linus Walleij >
On Fri, Jul 13, 2018 at 6:53 PM Ray Jui <ray.jui@broadcom.com> wrote: > > Patch applied with Ray's ACK. > > Would be nice to add the following Fixes tag: > > Fixes: cc4fa83f66e9 ("pinctrl: nsp: add pinmux driver support for > Broadcom NSP SoC") OK fixed it! Yours, Linus Walleij
diff --git a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c index 5cd8166..87618a4 100644 --- a/drivers/pinctrl/bcm/pinctrl-nsp-mux.c +++ b/drivers/pinctrl/bcm/pinctrl-nsp-mux.c @@ -577,6 +577,8 @@ static int nsp_pinmux_probe(struct platform_device *pdev) return PTR_ERR(pinctrl->base0); res = platform_get_resource(pdev, IORESOURCE_MEM, 1); + if (!res) + return -EINVAL; pinctrl->base1 = devm_ioremap_nocache(&pdev->dev, res->start, resource_size(res)); if (!pinctrl->base1) {
platform_get_resource() may fail and return NULL, so we should better check it's return value to avoid a NULL pointer dereference a bit later in the code. This is detected by Coccinelle semantic patch. @@ expression pdev, res, n, t, e, e1, e2; @@ res = platform_get_resource(pdev, t, n); + if (!res) + return -EINVAL; ... when != res == NULL e = devm_ioremap_nocache(e1, res->start, e2); Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> --- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 2 ++ 1 file changed, 2 insertions(+)