As the potential failuer of allocation, devm_kzalloc() may return NULL.
Then the 'pd->pmb' and the follow lines of code may bring null pointer dereference.
Therefore, it is better to check the return value of devm_kzalloc() to avoid this confusion.
Signed-off-by: QintaoShen <[email protected]>
---
drivers/soc/bcm/bcm63xx/bcm-pmb.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/soc/bcm/bcm63xx/bcm-pmb.c b/drivers/soc/bcm/bcm63xx/bcm-pmb.c
index 7bbe46e..55bf389 100644
--- a/drivers/soc/bcm/bcm63xx/bcm-pmb.c
+++ b/drivers/soc/bcm/bcm63xx/bcm-pmb.c
@@ -311,6 +311,8 @@ static int bcm_pmb_probe(struct platform_device *pdev)
for (e = table; e->name; e++) {
struct bcm_pmb_pm_domain *pd = devm_kzalloc(dev, sizeof(*pd), GFP_KERNEL);
+ if (!pd)
+ return -ENOMEM;
pd->pmb = pmb;
pd->data = e;
--
2.7.4
+Rafal,
On 3/24/22 01:35, QintaoShen wrote:
> As the potential failuer of allocation, devm_kzalloc() may return NULL.
s/failuer/failure/
> Then the 'pd->pmb' and the follow lines of code may bring null pointer dereference.
>
> Therefore, it is better to check the return value of devm_kzalloc() to avoid this confusion.
>
> Signed-off-by: QintaoShen <[email protected]>
Fixes: 8bcac4011ebe ("soc: bcm: add PM driver for Broadcom's PMB")
> ---
> drivers/soc/bcm/bcm63xx/bcm-pmb.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/soc/bcm/bcm63xx/bcm-pmb.c b/drivers/soc/bcm/bcm63xx/bcm-pmb.c
> index 7bbe46e..55bf389 100644
> --- a/drivers/soc/bcm/bcm63xx/bcm-pmb.c
> +++ b/drivers/soc/bcm/bcm63xx/bcm-pmb.c
> @@ -311,6 +311,8 @@ static int bcm_pmb_probe(struct platform_device *pdev)
>
> for (e = table; e->name; e++) {
> struct bcm_pmb_pm_domain *pd = devm_kzalloc(dev, sizeof(*pd), GFP_KERNEL);
> + if (!pd)
> + return -ENOMEM;
I am of two minds as to what the appropriate behavior could be here, we
could equally use an:
if (!pd)
continue;
or do what you are doing.
>
> pd->pmb = pmb;
> pd->data = e;
--
Florian
Hello!
s/return/result/ in the subject.
On 3/24/22 11:35 AM, QintaoShen wrote:
> As the potential failuer of allocation, devm_kzalloc() may return NULL.
> Then the 'pd->pmb' and the follow lines of code may bring null pointer dereference.
Following.
> Therefore, it is better to check the return value of devm_kzalloc() to avoid this confusion.
>
> Signed-off-by: QintaoShen <[email protected]>
> ---
> drivers/soc/bcm/bcm63xx/bcm-pmb.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/soc/bcm/bcm63xx/bcm-pmb.c b/drivers/soc/bcm/bcm63xx/bcm-pmb.c
> index 7bbe46e..55bf389 100644
> --- a/drivers/soc/bcm/bcm63xx/bcm-pmb.c
> +++ b/drivers/soc/bcm/bcm63xx/bcm-pmb.c
> @@ -311,6 +311,8 @@ static int bcm_pmb_probe(struct platform_device *pdev)
>
> for (e = table; e->name; e++) {
> struct bcm_pmb_pm_domain *pd = devm_kzalloc(dev, sizeof(*pd), GFP_KERNEL);
Please keep an empty line after declaration.
> + if (!pd)
> + return -ENOMEM;
>
> pd->pmb = pmb;
> pd->data = e;
MBR, Sergey
OK. Here is the new version.
Signed-off-by: QintaoShen <[email protected]>
---
drivers/soc/bcm/bcm63xx/bcm-pmb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/soc/bcm/bcm63xx/bcm-pmb.c
b/drivers/soc/bcm/bcm63xx/bcm-pmb.c
index 7bbe46e..cc20ffb 100644
--- a/drivers/soc/bcm/bcm63xx/bcm-pmb.c
+++ b/drivers/soc/bcm/bcm63xx/bcm-pmb.c
@@ -312,6 +312,9 @@ static int bcm_pmb_probe(struct platform_device *pdev)
for (e = table; e->name; e++) {
struct bcm_pmb_pm_domain *pd = devm_kzalloc(dev, sizeof(*pd),
GFP_KERNEL);
+ if (!pd)
+ return -ENOMEM;
+
pd->pmb = pmb;
pd->data = e;
pd->genpd.name = e->name;
--
2.7.4
在 2022/3/25 下午5:02, Sergey Shtylyov 写道:
> Hello!
>
> s/return/result/ in the subject.
>
> On 3/24/22 11:35 AM, QintaoShen wrote:
>
>> As the potential failuer of allocation, devm_kzalloc() may return NULL.
>> Then the 'pd->pmb' and the follow lines of code may bring null pointer dereference.
> Following.
>
>> Therefore, it is better to check the return value of devm_kzalloc() to avoid this confusion.
>>
>> Signed-off-by: QintaoShen <[email protected]>
>> ---
>> drivers/soc/bcm/bcm63xx/bcm-pmb.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/soc/bcm/bcm63xx/bcm-pmb.c b/drivers/soc/bcm/bcm63xx/bcm-pmb.c
>> index 7bbe46e..55bf389 100644
>> --- a/drivers/soc/bcm/bcm63xx/bcm-pmb.c
>> +++ b/drivers/soc/bcm/bcm63xx/bcm-pmb.c
>> @@ -311,6 +311,8 @@ static int bcm_pmb_probe(struct platform_device *pdev)
>>
>> for (e = table; e->name; e++) {
>> struct bcm_pmb_pm_domain *pd = devm_kzalloc(dev, sizeof(*pd), GFP_KERNEL);
> Please keep an empty line after declaration.
>
>> + if (!pd)
>> + return -ENOMEM;
>>
>> pd->pmb = pmb;
>> pd->data = e;
> MBR, Sergey
On 3/24/2022 1:35 AM, QintaoShen wrote:
> As the potential failuer of allocation, devm_kzalloc() may return NULL.
> Then the 'pd->pmb' and the follow lines of code may bring null pointer dereference.
>
> Therefore, it is better to check the return value of devm_kzalloc() to avoid this confusion.
>
> Signed-off-by: QintaoShen <[email protected]>
Applied to https://github.com/Broadcom/stblinux/commits/drivers/next,
thanks!
I modified your patch to have a Fixes: tag as replied, and follow
Sergey's style recommendation.
--
Florian