| Message ID | 20190309070527.2657-1-kjlu@umn.edu (mailing list archive) |
|---|---|
| State | New |
| Delegated to: | Kieran Bingham |
| Headers | show |
| Series | media: rcar-vin: fix a potential NULL pointer dereference | expand |
Hi Kangjie, Thanks for your patch. On 2019-03-09 01:05:27 -0600, Kangjie Lu wrote: > In case of_match_node cannot find a match, the fix returns > -EINVAL to avoid NULL pointer dereference. > > Signed-off-by: Kangjie Lu <kjlu@umn.edu> > --- > drivers/media/platform/rcar-vin/rcar-core.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/media/platform/rcar-vin/rcar-core.c b/drivers/media/platform/rcar-vin/rcar-core.c > index f0719ce24b97..a058e2023ca8 100644 > --- a/drivers/media/platform/rcar-vin/rcar-core.c > +++ b/drivers/media/platform/rcar-vin/rcar-core.c > @@ -266,6 +266,8 @@ static int rvin_group_init(struct rvin_group *group, struct rvin_dev *vin) > > match = of_match_node(vin->dev->driver->of_match_table, > vin->dev->of_node); > + if (unlikely(!match)) > + return -EINVAL; I don't think this is needed. The driver depends on selects OF and if we get this far we it is because we had a match already. The reason to call of_match_node() here is simply to retrieve which of the possible compatible strings was matched. Am I missing something? What scenario do you see where this can fail? > > strscpy(mdev->driver_name, KBUILD_MODNAME, sizeof(mdev->driver_name)); > strscpy(mdev->model, match->compatible, sizeof(mdev->model)); > -- > 2.17.1 >
On 3/9/19 12:02 PM, Niklas Söderlund wrote: > Hi Kangjie, > > Thanks for your patch. > > On 2019-03-09 01:05:27 -0600, Kangjie Lu wrote: >> In case of_match_node cannot find a match, the fix returns >> -EINVAL to avoid NULL pointer dereference. >> >> Signed-off-by: Kangjie Lu <kjlu@umn.edu> >> --- >> drivers/media/platform/rcar-vin/rcar-core.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/drivers/media/platform/rcar-vin/rcar-core.c b/drivers/media/platform/rcar-vin/rcar-core.c >> index f0719ce24b97..a058e2023ca8 100644 >> --- a/drivers/media/platform/rcar-vin/rcar-core.c >> +++ b/drivers/media/platform/rcar-vin/rcar-core.c >> @@ -266,6 +266,8 @@ static int rvin_group_init(struct rvin_group *group, struct rvin_dev *vin) >> >> match = of_match_node(vin->dev->driver->of_match_table, >> vin->dev->of_node); >> + if (unlikely(!match)) >> + return -EINVAL; > > I don't think this is needed. The driver depends on selects OF and if we > get this far we it is because we had a match already. The reason to call > of_match_node() here is simply to retrieve which of the possible > compatible strings was matched. > > Am I missing something? What scenario do you see where this can fail? And even if it can fail, then please drop the 'unlikely'. Regards, Hans > >> >> strscpy(mdev->driver_name, KBUILD_MODNAME, sizeof(mdev->driver_name)); >> strscpy(mdev->model, match->compatible, sizeof(mdev->model)); >> -- >> 2.17.1 >> >
diff --git a/drivers/media/platform/rcar-vin/rcar-core.c b/drivers/media/platform/rcar-vin/rcar-core.c index f0719ce24b97..a058e2023ca8 100644 --- a/drivers/media/platform/rcar-vin/rcar-core.c +++ b/drivers/media/platform/rcar-vin/rcar-core.c @@ -266,6 +266,8 @@ static int rvin_group_init(struct rvin_group *group, struct rvin_dev *vin) match = of_match_node(vin->dev->driver->of_match_table, vin->dev->of_node); + if (unlikely(!match)) + return -EINVAL; strscpy(mdev->driver_name, KBUILD_MODNAME, sizeof(mdev->driver_name)); strscpy(mdev->model, match->compatible, sizeof(mdev->model));
In case of_match_node cannot find a match, the fix returns -EINVAL to avoid NULL pointer dereference. Signed-off-by: Kangjie Lu <kjlu@umn.edu> --- drivers/media/platform/rcar-vin/rcar-core.c | 2 ++ 1 file changed, 2 insertions(+)