As the possible failure of the allocation, the devm_ioremap() may return
NULL pointer.
And the 'port->membase' will be directly used in mlb_usio_startup().
Therefore, in order to avoid the dereference of the NULL pointer, it
should be better to add the sanity check.
Fixes: ba44dc043004 ("serial: Add Milbeaut serial control")
Signed-off-by: Jiasheng Jiang <[email protected]>
---
drivers/tty/serial/milbeaut_usio.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/tty/serial/milbeaut_usio.c b/drivers/tty/serial/milbeaut_usio.c
index 8f2cab7f66ad..1ecbf6d0dc79 100644
--- a/drivers/tty/serial/milbeaut_usio.c
+++ b/drivers/tty/serial/milbeaut_usio.c
@@ -523,6 +523,10 @@ static int mlb_usio_probe(struct platform_device *pdev)
}
port->membase = devm_ioremap(&pdev->dev, res->start,
resource_size(res));
+ if (!port->membase) {
+ ret = -ENOMEM;
+ goto failed;
+ }
ret = platform_get_irq_byname(pdev, "rx");
mlb_usio_irq[index][RX] = ret;
--
2.25.1
On Thu, Jan 06, 2022 at 05:06:31PM +0800, Jiasheng Jiang wrote:
> As the possible failure of the allocation, the devm_ioremap() may return
> NULL pointer.
I do not understand this sentence.
> And the 'port->membase' will be directly used in mlb_usio_startup().
This does not make sense either.
> Therefore, in order to avoid the dereference of the NULL pointer, it
> should be better to add the sanity check.
What do you mean by "sanity check"?
confused,
greg k-h
On Thu, Jan 06, 2022 at 11:01:20PM +0800, Greg KH wrote:
>> As the possible failure of the allocation, the devm_ioremap() may return
>> NULL pointer.
>
> I do not understand this sentence.
Well, since the devm_ioremap() calls devres_alloc() to allocate memory,
it may fail because of the lack of memory and return NULL pointer.
>> And the 'port->membase' will be directly used in mlb_usio_startup().
>
> This does not make sense either.
I notice that in mlb_usio_startup() 'port->membase' is used in
'escr = readb(port->membase + MLB_USIO_REG_ESCR);'
without checking whether it is NULL before, that is to say, it is directly used.
Therefore, it may cause the dereference of the NULL pointer.
>> Therefore, in order to avoid the dereference of the NULL pointer, it
>> should be better to add the sanity check.
>
> What do you mean by "sanity check"?
Since I believe that after all the allocation we need to check whether it
succeed.
So the "sanity check" means the check that lost and we need to make up to
maintain the integrity.
Moreover, I am glad for your reply.
And I will refine my commit message in next version to make it more clear.
Sincerely thanks,
Jiang
On Thu, Jan 13, 2022 at 03:35:14PM +0800, Jiri Slaby wrote:
>> diff --git a/drivers/tty/serial/milbeaut_usio.c b/drivers/tty/serial/milbeaut_usio.c
>> index 8f2cab7f66ad..1ecbf6d0dc79 100644
>> --- a/drivers/tty/serial/milbeaut_usio.c
>> +++ b/drivers/tty/serial/milbeaut_usio.c
>> @@ -523,6 +523,10 @@ static int mlb_usio_probe(struct platform_device *pdev)
>> }
>> port->membase = devm_ioremap(&pdev->dev, res->start,
>> resource_size(res));
>> + if (!port->membase) {
>> + ret = -ENOMEM;
>> + goto failed;
>> + }
>
> what about using devm_ioremap_resource() and have only one if there?
Well, I check the comment of the devm_ioremap_resource() and notice that
it checks and requests region before ioremap.
And the usage example is fit for the situation.
But I have still have no idea what the concrete advantages of the
devm_ioremap_resource(), like fixing something or improve the efficiency.
Please give me more detail.
Sincerely thanks,
Jiang