1. Patchew
  2. linux
  3. View series

[PATCH] staging: greybus: Fix potential NULL dereference

Haowen Bai posted 1 patch 4 years, 3 months ago 
drivers/staging/greybus/bootrom.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
[PATCH] staging: greybus: Fix potential NULL dereference
Posted by Haowen Bai 4 years, 3 months ago 
Fix following coccicheck warning:
drivers/staging/greybus/bootrom.c:301:35-39: ERROR: fw is NULL but dereferenced.

When goto queue_work but dereference Uninitialized fw will trigger a NULL 
dereference.

Signed-off-by: Haowen Bai <baihaowen@meizu.com>
---
 drivers/staging/greybus/bootrom.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/drivers/staging/greybus/bootrom.c b/drivers/staging/greybus/bootrom.c
index a8efb86..6f3926b 100644
--- a/drivers/staging/greybus/bootrom.c
+++ b/drivers/staging/greybus/bootrom.c
@@ -252,14 +252,6 @@ static int gb_bootrom_get_firmware(struct gb_operation *op)
 	/* Disable timeouts */
 	gb_bootrom_cancel_timeout(bootrom);
 
-	if (op->request->payload_size != sizeof(*firmware_request)) {
-		dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n",
-			__func__, op->request->payload_size,
-			sizeof(*firmware_request));
-		ret = -EINVAL;
-		goto queue_work;
-	}
-
 	mutex_lock(&bootrom->mutex);
 
 	fw = bootrom->fw;
@@ -269,6 +261,15 @@ static int gb_bootrom_get_firmware(struct gb_operation *op)
 		goto unlock;
 	}
 
+	if (op->request->payload_size != sizeof(*firmware_request)) {
+		dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n",
+			__func__, op->request->payload_size,
+			sizeof(*firmware_request));
+		ret = -EINVAL;
+		mutex_unlock(&bootrom->mutex);
+		goto queue_work;
+	}
+
 	firmware_request = op->request->payload;
 	offset = le32_to_cpu(firmware_request->offset);
 	size = le32_to_cpu(firmware_request->size);
-- 
2.7.4
Re: [PATCH] staging: greybus: Fix potential NULL dereference
Posted by Viresh Kumar 4 years, 3 months ago 
On 11-03-22, 16:35, Haowen Bai wrote:
> Fix following coccicheck warning:
> drivers/staging/greybus/bootrom.c:301:35-39: ERROR: fw is NULL but dereferenced.
> 
> When goto queue_work but dereference Uninitialized fw will trigger a NULL 
> dereference.

Please have a look at earlier attempts like this:

https://lore.kernel.org/all/2015099.xVv48VzNit@linux.local/

-- 
viresh
答复: [PATCH] staging: greybus: Fix potential NULL dereference
Posted by 白浩文 4 years, 3 months ago 
Oh, my careless to check code. Thank you for your kindly reminder.
________________________________________
发件人: Viresh Kumar <viresh.kumar@linaro.org>
发送时间: 2022年3月11日 16:40:19
收件人: 白浩文
抄送: vireshk@kernel.org; johan@kernel.org; elder@kernel.org; gregkh@linuxfoundation.org; linux-staging@lists.linux.dev; linux-kernel@vger.kernel.org
主题: Re: [PATCH] staging: greybus: Fix potential NULL dereference

On 11-03-22, 16:35, Haowen Bai wrote:
> Fix following coccicheck warning:
> drivers/staging/greybus/bootrom.c:301:35-39: ERROR: fw is NULL but dereferenced.
>
> When goto queue_work but dereference Uninitialized fw will trigger a NULL
> dereference.

Please have a look at earlier attempts like this:

https://lore.kernel.org/all/2015099.xVv48VzNit@linux.local/

--
viresh
Re: [PATCH] staging: greybus: Fix potential NULL dereference
Posted by Dan Carpenter 4 years, 3 months ago 
On Fri, Mar 11, 2022 at 04:35:30PM +0800, Haowen Bai wrote:
> Fix following coccicheck warning:
> drivers/staging/greybus/bootrom.c:301:35-39: ERROR: fw is NULL but dereferenced.
> 
> When goto queue_work but dereference Uninitialized fw will trigger a NULL 
> dereference.
> 
> Signed-off-by: Haowen Bai <baihaowen@meizu.com>

Your patch claims to fix a bug, but the warning is a false positive.
When we "goto queue_work;" then "ret = -EINVAL" so that means that we
will not dereference "fw".

You should ignore false positive warnings.

We would apply the patch only if it made the code more readable but I
do not think that is the case here.  I do not really even see how the
patch silences the false positive warning, but it may do...

Anyway, the point is:  False positive.  Ignore it.

regards,
dan carpenter
答复: [PATCH] staging: greybus: Fix potential NULL dereference
Posted by 白浩文 4 years, 3 months ago 
Thank you for your suggestion.
________________________________________
发件人: Dan Carpenter <dan.carpenter@oracle.com>
发送时间: 2022年3月11日 19:32:08
收件人: 白浩文
抄送: vireshk@kernel.org; johan@kernel.org; elder@kernel.org; gregkh@linuxfoundation.org; linux-staging@lists.linux.dev; linux-kernel@vger.kernel.org
主题: Re: [PATCH] staging: greybus: Fix potential NULL dereference

On Fri, Mar 11, 2022 at 04:35:30PM +0800, Haowen Bai wrote:
> Fix following coccicheck warning:
> drivers/staging/greybus/bootrom.c:301:35-39: ERROR: fw is NULL but dereferenced.
>
> When goto queue_work but dereference Uninitialized fw will trigger a NULL
> dereference.
>
> Signed-off-by: Haowen Bai <baihaowen@meizu.com>

Your patch claims to fix a bug, but the warning is a false positive.
When we "goto queue_work;" then "ret = -EINVAL" so that means that we
will not dereference "fw".

You should ignore false positive warnings.

We would apply the patch only if it made the code more readable but I
do not think that is the case here.  I do not really even see how the
patch silences the false positive warning, but it may do...

Anyway, the point is:  False positive.  Ignore it.

regards,
dan carpenter

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.