In driver drivers/net/3c507.c in function Iirqreturn_t el16_interrupt:
1. If in line 555 dev = NULL then we goto line 556
2. In line 556 we have null dereference because pr_err called with dev->name
in third parameter.
555 if (dev == NULL) {
556 pr_err("%s: net_interrupt(): irq %d for unknown device.
\n",
557 dev->name, irq);
558 return IRQ_NONE;
559 }
Found by Linux Device Drivers Verification (Svace detector)
Remove unused NULL pointer check.
Signed-off-by: Alexander Strakh <[email protected]>
---
diff --git a/./0000/drivers/net/3c507.c b/./moder/drivers/net/3c507.c
index fbc2311..3bfb3dd 100644
--- a/./0000/drivers/net/3c507.c
+++ b/./moder/drivers/net/3c507.c
@@ -552,12 +552,6 @@ static irqreturn_t el16_interrupt(int irq, void *dev_id)
ushort ack_cmd = 0;
void __iomem *shmem;
- if (dev == NULL) {
- pr_err("%s: net_interrupt(): irq %d for unknown device.\n",
- dev->name, irq);
- return IRQ_NONE;
- }
-
ioaddr = dev->base_addr;
lp = netdev_priv(dev);
shmem = lp->base;
Alexander Strakh wrote:
> In driver drivers/net/3c507.c in function Iirqreturn_t el16_interrupt:
> 1. If in line 555 dev = NULL then we goto line 556
> 2. In line 556 we have null dereference because pr_err called with dev->name
> in third parameter.
> 555 if (dev == NULL) {
> 556 pr_err("%s: net_interrupt(): irq %d for unknown device.
> \n",
> 557 dev->name, irq);
> 558 return IRQ_NONE;
> 559 }
>
> Found by Linux Device Drivers Verification (Svace detector)
>
> Remove unused NULL pointer check.
You are obviously doing more than that ...
>
> Signed-off-by: Alexander Strakh <[email protected]>
>
> ---
> diff --git a/./0000/drivers/net/3c507.c b/./moder/drivers/net/3c507.c
> index fbc2311..3bfb3dd 100644
> --- a/./0000/drivers/net/3c507.c
> +++ b/./moder/drivers/net/3c507.c
> @@ -552,12 +552,6 @@ static irqreturn_t el16_interrupt(int irq, void *dev_id)
> ushort ack_cmd = 0;
> void __iomem *shmem;
>
> - if (dev == NULL) {
> - pr_err("%s: net_interrupt(): irq %d for unknown device.\n",
> - dev->name, irq);
You are changing real funcionality here!
If you want to fix it, fix the pr_err() but do not remove the "return
IRQ_NONE" entirely.
This looks like an introduction of a bug.
Regards,
Oliver
> - return IRQ_NONE;
> - }
> -
On Mon, 21 Dec 2009 17:56:39 +0100
Oliver Hartkopp <[email protected]> wrote:
> Alexander Strakh wrote:
> > In driver drivers/net/3c507.c in function Iirqreturn_t el16_interrupt:
> > 1. If in line 555 dev = NULL then we goto line 556
> > 2. In line 556 we have null dereference because pr_err called with dev->name
> > in third parameter.
> > 555 if (dev == NULL) {
> > 556 pr_err("%s: net_interrupt(): irq %d for unknown device.
> > \n",
> > 557 dev->name, irq);
> > 558 return IRQ_NONE;
> > 559 }
> >
> > Found by Linux Device Drivers Verification (Svace detector)
> >
> > Remove unused NULL pointer check.
>
> You are obviously doing more than that ...
>
> >
> > Signed-off-by: Alexander Strakh <[email protected]>
> >
> > ---
> > diff --git a/./0000/drivers/net/3c507.c b/./moder/drivers/net/3c507.c
> > index fbc2311..3bfb3dd 100644
> > --- a/./0000/drivers/net/3c507.c
> > +++ b/./moder/drivers/net/3c507.c
> > @@ -552,12 +552,6 @@ static irqreturn_t el16_interrupt(int irq, void *dev_id)
> > ushort ack_cmd = 0;
> > void __iomem *shmem;
> >
> > - if (dev == NULL) {
> > - pr_err("%s: net_interrupt(): irq %d for unknown device.\n",
> > - dev->name, irq);
>
> You are changing real funcionality here!
>
> If you want to fix it, fix the pr_err() but do not remove the "return
> IRQ_NONE" entirely.
>
> This looks like an introduction of a bug.
>
> Regards,
> Oliver
>
>
> > - return IRQ_NONE;
> > - }
> > -
Interrupts will never be called with third parameter of NULL. It is really
bogus impossible to reach code.
--
Stephen Hemminger wrote:
> On Mon, 21 Dec 2009 17:56:39 +0100
> Oliver Hartkopp <[email protected]> wrote:
>
>> Alexander Strakh wrote:
>>> In driver drivers/net/3c507.c in function Iirqreturn_t el16_interrupt:
>>> 1. If in line 555 dev = NULL then we goto line 556
>>> 2. In line 556 we have null dereference because pr_err called with dev->name
>>> in third parameter.
>>> 555 if (dev == NULL) {
>>> 556 pr_err("%s: net_interrupt(): irq %d for unknown device.
>>> \n",
>>> 557 dev->name, irq);
>>> 558 return IRQ_NONE;
>>> 559 }
>>>
>>> Found by Linux Device Drivers Verification (Svace detector)
>>>
>>> Remove unused NULL pointer check.
>
> Interrupts will never be called with third parameter of NULL. It is really
> bogus impossible to reach code.
>
You're right! I just did not verify the direct assignment of dev = dev_id ...
Btw. the description for the reason of this patch remains unsuitably as the
problem is not the potential dereferencing of dev->name in pr_err() here.
It should better be something like this (partly stolen from your answer):
Interrupts will never be called with dev_id parameter of NULL.
This patch removes the obsolete, unreachable code.
Regards,
Oliver