Message ID | 1608626913-16675-1-git-send-email-mdalam@codeaurora.org |
---|---|
State | New |
Headers | show |
Series | mmc: sdhci-msm: Fix possible NULL pointer exception | expand |
On 12/22/2020 2:18 PM, Md Sadre Alam wrote: > of_device_get_match_data returns NULL when no match. > So add the NULL pointer check to avoid dereference. > > Signed-off-by: Md Sadre Alam <mdalam@codeaurora.org> > --- Reviewed-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org> > drivers/mmc/host/sdhci-msm.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c > index 9c7927b..f20e424 100644 > --- a/drivers/mmc/host/sdhci-msm.c > +++ b/drivers/mmc/host/sdhci-msm.c > @@ -2235,6 +2235,8 @@ static int sdhci_msm_probe(struct platform_device *pdev) > * the data associated with the version info. > */ > var_info = of_device_get_match_data(&pdev->dev); > + if (!var_info) > + goto pltfm_free; > > msm_host->mci_removed = var_info->mci_removed; > msm_host->restore_dll_config = var_info->restore_dll_config;
On Tue 22 Dec 02:48 CST 2020, Md Sadre Alam wrote: > of_device_get_match_data returns NULL when no match. > So add the NULL pointer check to avoid dereference. > > Signed-off-by: Md Sadre Alam <mdalam@codeaurora.org> > --- > drivers/mmc/host/sdhci-msm.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c > index 9c7927b..f20e424 100644 > --- a/drivers/mmc/host/sdhci-msm.c > +++ b/drivers/mmc/host/sdhci-msm.c > @@ -2235,6 +2235,8 @@ static int sdhci_msm_probe(struct platform_device *pdev) > * the data associated with the version info. > */ > var_info = of_device_get_match_data(&pdev->dev); > + if (!var_info) To get this you (the SDHCI driver developer) needs to add an entry in sdhci_msm_dt_match[] without a .data specified. > + goto pltfm_free; And this will cause sdhci_msm_probe() to return 0, giving no hint to said developer that they screwed up. Given that this can only be caused by a developer working on this driver you should provide feedback suitable for such developer, e.g. by: if (WARN_ON(!var_info)) return -EINVAL; But given that this is only for the developer himself, I don't see that this adds any value over just reading the callstack you get from the panic when the next line dereferences var_info (NULL). Regards, Bjorn > > msm_host->mci_removed = var_info->mci_removed; > msm_host->restore_dll_config = var_info->restore_dll_config; > -- > 2.7.4 >
diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 9c7927b..f20e424 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2235,6 +2235,8 @@ static int sdhci_msm_probe(struct platform_device *pdev) * the data associated with the version info. */ var_info = of_device_get_match_data(&pdev->dev); + if (!var_info) + goto pltfm_free; msm_host->mci_removed = var_info->mci_removed; msm_host->restore_dll_config = var_info->restore_dll_config;
of_device_get_match_data returns NULL when no match. So add the NULL pointer check to avoid dereference. Signed-off-by: Md Sadre Alam <mdalam@codeaurora.org> --- drivers/mmc/host/sdhci-msm.c | 2 ++ 1 file changed, 2 insertions(+)