This code generates a Smatch warning:

kernel/irq/irqdomain.c:1511 irq_domain_push_irq()
warn: variable dereferenced before check 'root_irq_data' (see line 1508)

irq_get_irq_data() does sometimes return NULL pointers so this seems
like a real bug. Let's fix this bug by moving the check for NULL
earlier.

Signed-off-by: Dan Carpenter <[email protected]>
---
v2: Redo changelog.
v3: Redo changelog again. Make it imperative.

diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
index b9c688944429..e84b7056bb08 100644
--- a/kernel/irq/irqdomain.c
+++ b/kernel/irq/irqdomain.c
@@ -1505,10 +1505,10 @@ int irq_domain_push_irq(struct irq_domain *domain, int virq, void *arg)
if (WARN_ON(!irq_domain_is_hierarchy(domain)))
return -EINVAL;
- if (domain->parent != root_irq_data->domain)
+ if (!root_irq_data)
return -EINVAL;
- if (!root_irq_data)
+ if (domain->parent != root_irq_data->domain)
return -EINVAL;
child_irq_data = kzalloc_node(sizeof(*child_irq_data), GFP_KERNEL,
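
Review bot: The two adjacent tests on root_irq_data both return -EINVAL and their relative order is the whole fix, so consider folding them into one condition, `if (!root_irq_data || domain->parent != root_irq_data->domain)`, where short-circuit evaluation guarantees the NULL test runs before root_irq_data->domain is read. A single expression also keeps a later edit from separating or reordering the two checks again.
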
On 08/25/2017 05:14 AM, Dan Carpenter wrote:
> This code generates a Smatch warning:
>
> kernel/irq/irqdomain.c:1511 irq_domain_push_irq()
> warn: variable dereferenced before check 'root_irq_data' (see line 1508)
>
> irq_get_irq_data() does sometimes return NULL pointers so this seems
> like a real bug. Let's fix this bug by moving the check for NULL
> earlier.
>
> Signed-off-by: Dan Carpenter <[email protected]>

Thanks for identifying and fixing this. It looks plausible, so if it
compiles without error you can add:

Acked-by: David Daney <[email protected]>

> ---
> v2: Redo changelog.
> v3: Redo changelog again. Make it imperative.
>
> diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
> index b9c688944429..e84b7056bb08 100644
> --- a/kernel/irq/irqdomain.c
> +++ b/kernel/irq/irqdomain.c
> @@ -1505,10 +1505,10 @@ int irq_domain_push_irq(struct irq_domain *domain, int virq, void *arg)
> if (WARN_ON(!irq_domain_is_hierarchy(domain)))
> return -EINVAL;
>
> - if (domain->parent != root_irq_data->domain)
> + if (!root_irq_data)
> return -EINVAL;
>
> - if (!root_irq_data)
> + if (domain->parent != root_irq_data->domain)
> return -EINVAL;
>
> child_irq_data = kzalloc_node(sizeof(*child_irq_data), GFP_KERNEL,
>
Commit-ID: 20c4d49c0f304f3f945bbd560b26afa98f75a0c4
Gitweb: http://git.kernel.org/tip/20c4d49c0f304f3f945bbd560b26afa98f75a0c4
Author: Dan Carpenter <[email protected]>
AuthorDate: Fri, 25 Aug 2017 15:14:09 +0300
Committer: Thomas Gleixner <[email protected]>
CommitDate: Fri, 25 Aug 2017 22:40:26 +0200

irqdomain: Prevent potential NULL pointer dereference in irq_domain_push_irq()

This code generates a Smatch warning:

kernel/irq/irqdomain.c:1511 irq_domain_push_irq()
warn: variable dereferenced before check 'root_irq_data' (see line 1508)

irq_get_irq_data() can return a NULL pointer, but the code dereferences
the returned pointer before checking it.

Move the NULL pointer check before the dereference.

[ tglx: Rewrote changelog to be precise and conforming to the instructions
in submitting-patches and added a Fixes tag. Sigh! ]

Fixes: 495c38d3001f ("irqdomain: Add irq_domain_{push,pop}_irq() functions")
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Acked-by: David Daney <[email protected]>
Cc: Marc Zyngier <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/20170825121409.6rfv4vt6ztz2oqkt@mwanda
---
kernel/irq/irqdomain.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
index 1ff9912..d623517 100644
--- a/kernel/irq/irqdomain.c
+++ b/kernel/irq/irqdomain.c
@@ -1504,10 +1504,10 @@ int irq_domain_push_irq(struct irq_domain *domain, int virq, void *arg)
if (WARN_ON(!irq_domain_is_hierarchy(domain)))
return -EINVAL;
- if (domain->parent != root_irq_data->domain)
+ if (!root_irq_data)
return -EINVAL;
- if (!root_irq_data)
+ if (domain->parent != root_irq_data->domain)
return -EINVAL;
child_irq_data = kzalloc_node(sizeof(*child_irq_data), GFP_KERNEL,
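
Review bot: The NULL test on root_irq_data returns -EINVAL silently, while the irq_domain_is_hierarchy() test two lines above it is wrapped in WARN_ON(). If a missing irq_data for virq can only come from a caller error, wrapping this test in WARN_ON() as well would make the failure visible in the log; if it is an expected runtime condition, a one-line comment saying so would document why the check has to come before the domain->parent comparison.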