| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f2b04356-c08b-4e44-4552-1fa6ee94ceba@denx.de>
Date: Mon, 9 May 2022 02:25:55 +0200
From: Marek Vasut <marex@...x.de>
To: Dan Carpenter <dan.carpenter@...cle.com>, kbuild@...ts.01.org
Cc: lkp@...el.com, kbuild-all@...ts.01.org,
linux-kernel@...r.kernel.org, Mark Brown <broonie@...nel.org>
Subject: Re:
[broonie-ci:20220430_marex_regmap_add_bulk_read_write_callbacks_into_regmap_config
1/1] drivers/base/regmap/regmap.c:1842 _regmap_raw_write_impl() error: we
previously assumed 'map->bus' could be null (see line 1770)
On 5/6/22 09:12, Dan Carpenter wrote:
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/broonie/ci.git 20220430_marex_regmap_add_bulk_read_write_callbacks_into_regmap_config
> head: d77e745613680c54708470402e2b623dcd769681
> commit: d77e745613680c54708470402e2b623dcd769681 [1/1] regmap: Add bulk read/write callbacks into regmap_config
> config: m68k-randconfig-m031-20220505 (https://download.01.org/0day-ci/archive/20220506/202205060518.hir67qzc-lkp@intel.com/config)
> compiler: m68k-linux-gcc (GCC) 11.3.0
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@...el.com>
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
>
> New smatch warnings:
> drivers/base/regmap/regmap.c:1842 _regmap_raw_write_impl() error: we previously assumed 'map->bus' could be null (see line 1770)
>
> vim +1842 drivers/base/regmap/regmap.c
[...]
> 0074f3f2b1e43d Colin Foster 2022-03-13 1754 reg += map->reg_base;
> 86fc59ef818beb Colin Foster 2022-03-13 1755 reg >>= map->format.reg_downshift;
> d939fb9a78b474 Marc Reilly 2012-03-16 1756 map->format.format_reg(map->work_buf, reg, map->reg_shift);
> f50e38c9966076 Tony Lindgren 2016-09-15 1757 regmap_set_work_buf_flag_mask(map, map->format.reg_bytes,
> f50e38c9966076 Tony Lindgren 2016-09-15 1758 map->write_flag_mask);
> 6f306441e97f8f Lars-Peter Clausen 2011-09-05 1759
> 651e013e3ce6c0 Mark Brown 2013-10-08 1760 /*
> 651e013e3ce6c0 Mark Brown 2013-10-08 1761 * Essentially all I/O mechanisms will be faster with a single
> 651e013e3ce6c0 Mark Brown 2013-10-08 1762 * buffer to write. Since register syncs often generate raw
> 651e013e3ce6c0 Mark Brown 2013-10-08 1763 * writes of single registers optimise that case.
> 651e013e3ce6c0 Mark Brown 2013-10-08 1764 */
> 651e013e3ce6c0 Mark Brown 2013-10-08 1765 if (val != work_val && val_len == map->format.val_bytes) {
> 651e013e3ce6c0 Mark Brown 2013-10-08 1766 memcpy(work_val, val, map->format.val_bytes);
> 651e013e3ce6c0 Mark Brown 2013-10-08 1767 val = work_val;
> 651e013e3ce6c0 Mark Brown 2013-10-08 1768 }
> 651e013e3ce6c0 Mark Brown 2013-10-08 1769
> d77e745613680c Marek Vasut 2022-04-30 @1770 if (map->async && map->bus && map->bus->async_write) {
> ^^^^^^^^
> Do we really need to check map->bus?
Here I think so, because bus can be NULL.
[...]
> c6b570d97c0e77 Philipp Zabel 2015-03-09 1831 trace_regmap_hw_write_start(map, reg, val_len / map->format.val_bytes);
> fb2736bbaee0e7 Mark Brown 2011-07-24 1832
> 2547e201b3693f Mark Brown 2011-07-20 1833 /* If we're doing a single register write we can probably just
> 2547e201b3693f Mark Brown 2011-07-20 1834 * send the work_buf directly, otherwise try to do a gather
> 2547e201b3693f Mark Brown 2011-07-20 1835 * write.
> 2547e201b3693f Mark Brown 2011-07-20 1836 */
> 0d509f2b112b21 Mark Brown 2013-01-27 1837 if (val == work_val)
> d77e745613680c Marek Vasut 2022-04-30 1838 ret = map->write(map->bus_context, map->work_buf,
> 82159ba8e6ef8c Mark Brown 2012-01-18 1839 map->format.reg_bytes +
> 82159ba8e6ef8c Mark Brown 2012-01-18 1840 map->format.pad_bytes +
> 82159ba8e6ef8c Mark Brown 2012-01-18 1841 val_len);
> 2547e201b3693f Mark Brown 2011-07-20 @1842 else if (map->bus->gather_write)
> ^^^^^^^^
> It's not checked here
This is a bug indeed.
Powered by blists - more mailing lists