[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20151112075238.GA1551@katana>
Date: Thu, 12 Nov 2015 08:52:38 +0100
From: Wolfram Sang <wsa@...-dreams.de>
To: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
Cc: LABBE Corentin <clabbe.montjoie@...il.com>,
linux-i2c@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] i2c: rcar: fix a possible NULL dereference
On Thu, Nov 12, 2015 at 08:44:47AM +0100, Uwe Kleine-König wrote:
> Hello,
>
> On Thu, Nov 12, 2015 at 08:25:09AM +0100, LABBE Corentin wrote:
> > of_match_device could return NULL, and so cause a NULL pointer
> > dereference later.
> >
> > Reported-by: coverity (CID 1130036)
> > Signed-off-by: LABBE Corentin <clabbe.montjoie@...il.com>
> > ---
> > drivers/i2c/busses/i2c-rcar.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
> > index b0ae560..d2bdbda 100644
> > --- a/drivers/i2c/busses/i2c-rcar.c
> > +++ b/drivers/i2c/busses/i2c-rcar.c
> > @@ -639,6 +639,7 @@ static int rcar_i2c_probe(struct platform_device *pdev)
> > struct device *dev = &pdev->dev;
> > u32 bus_speed;
> > int irq, ret;
> > + const struct of_device_id *of_id;
> >
> > priv = devm_kzalloc(dev, sizeof(struct rcar_i2c_priv), GFP_KERNEL);
> > if (!priv)
> > @@ -653,7 +654,10 @@ static int rcar_i2c_probe(struct platform_device *pdev)
> > bus_speed = 100000; /* default 100 kHz */
> > of_property_read_u32(dev->of_node, "clock-frequency", &bus_speed);
> >
> > - priv->devtype = (enum rcar_i2c_type)of_match_device(rcar_i2c_dt_ids, dev)->data;
> > + of_id = of_match_device(rcar_i2c_dt_ids, dev);
> > + if (!of_id)
> > + return -ENODEV;
> > + priv->devtype = (enum rcar_i2c_type)of_id->data;
>
> This is nearly an open coding of of_device_get_match_data. Maybe using
>
> priv->devtype = (enum rcar_i2c_type)of_device_get_match_data(dev)
>
> if good enough?
>
> Other than that, the NULL pointer dereference should only happen if the
> device was bound using the driver name. That might be worth to point out
> in the commit log. So maybe make (in a separate patch) the probe
> function fail when probed by name?
RCar is a DT only platform.
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists