I got a null-ptr-deref report when doing fault injection test:
BUG: kernel NULL pointer dereference, address: 0000000000000000
RIP: 0010:strcmp+0xc/0x20
Call Trace:
__devm_rtc_register_device.cold.7+0x16a/0x2df
rv3029_probe+0x4b1/0x770 [rtc_rv3029c2]
rv3029_i2c_probe+0x141/0x180 [rtc_rv3029c2]
i2c_device_probe+0xa07/0xbb0
really_probe+0x285/0xc30
If dev_set_name() fails, dev_name() is null, which causes a null-ptr-deref,
so we need to check the return value of dev_set_name().
Reported-by: Hulk Robot <[email protected]>
Signed-off-by: Yang Yingliang <[email protected]>
---
v2:
drop some useless backtrace from the commit message.
---
drivers/rtc/class.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/rtc/class.c b/drivers/rtc/class.c
index f77bc089eb6b..1f18c39a4b82 100644
--- a/drivers/rtc/class.c
+++ b/drivers/rtc/class.c
@@ -363,7 +363,9 @@ struct rtc_device *devm_rtc_allocate_device(struct device *dev)
rtc->id = id;
rtc->dev.parent = dev;
- dev_set_name(&rtc->dev, "rtc%d", id);
+ err = dev_set_name(&rtc->dev, "rtc%d", id);
+ if (err)
+ return ERR_PTR(err);
err = devm_add_action_or_reset(dev, devm_rtc_release_device, rtc);
if (err)
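Review bot: the new early return ERR_PTR(err) after dev_set_name() is taken before devm_add_action_or_reset(dev, devm_rtc_release_device, rtc) has registered the release action, so on this error path nothing shown in the hunk frees rtc or gives back the id stored in rtc->id just above. Either release both explicitly before returning, or move the dev_set_name() call and its check below the devm_add_action_or_reset() check so the devm action covers the failure case.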
--
2.25.1
On Tue, 12 Oct 2021 12:16:29 +0800, Yang Yingliang wrote:
> I got a null-ptr-deref report when doing fault injection test:
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> RIP: 0010:strcmp+0xc/0x20
> Call Trace:
> __devm_rtc_register_device.cold.7+0x16a/0x2df
> rv3029_probe+0x4b1/0x770 [rtc_rv3029c2]
> rv3029_i2c_probe+0x141/0x180 [rtc_rv3029c2]
> i2c_device_probe+0xa07/0xbb0
> really_probe+0x285/0xc30
>
> [...]
Applied, thanks!
[1/1] rtc: class: check return value when calling dev_set_name()
commit: 24d23181e43d72ca692a479e70dfe5b0b5dd33f1
Best regards,
--
Alexandre Belloni <[email protected]>