From: Wen Yang <[email protected]>
Currently there are 2 problems with the ucc_of_parse_tdm function:
1,a possible null pointer dereference in ucc_of_parse_tdm,
detected by the semantic patch deref_null.cocci,
with the following warning:
drivers/soc/fsl/qe/qe_tdm.c:177:21-24: ERROR: pdev is NULL but dereferenced.
2, dev gets modified, so devm_iounmap() will fail in any case, even when
the new pdev is valid, because the iomap was done with a different pdev.
This patch fixes them.
Suggested-by: Christophe LEROY <[email protected]>
Signed-off-by: Wen Yang <[email protected]>
CC: Julia Lawall <[email protected]>
CC: Zhao Qiang <[email protected]>
---
drivers/soc/fsl/qe/qe_tdm.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/soc/fsl/qe/qe_tdm.c b/drivers/soc/fsl/qe/qe_tdm.c
index f78c346..9a29f0b 100644
--- a/drivers/soc/fsl/qe/qe_tdm.c
+++ b/drivers/soc/fsl/qe/qe_tdm.c
@@ -47,7 +47,7 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
struct resource *res;
struct device_node *np2;
static int siram_init_flag;
- struct platform_device *pdev;
+ struct platform_device *pdev_si, *pdev_siram;
sprop = of_get_property(np, "fsl,rx-sync-clock", NULL);
if (sprop) {
@@ -129,16 +129,16 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
if (!np2)
return -EINVAL;
- pdev = of_find_device_by_node(np2);
- if (!pdev) {
+ pdev_si = of_find_device_by_node(np2);
+ if (!pdev_si) {
pr_err("%pOFn: failed to lookup pdev\n", np2);
of_node_put(np2);
return -EINVAL;
}
of_node_put(np2);
- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- utdm->si_regs = devm_ioremap_resource(&pdev->dev, res);
+ res = platform_get_resource(pdev_si, IORESOURCE_MEM, 0);
+ utdm->si_regs = devm_ioremap_resource(&pdev_si->dev, res);
if (IS_ERR(utdm->si_regs)) {
ret = PTR_ERR(utdm->si_regs);
goto err_miss_siram_property;
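Review bot: The reference that of_find_device_by_node() takes on the returned device is not dropped anywhere in the visible hunks, neither for `pdev_si` here nor for `pdev_siram` in the @@ -150 hunk. Each successful lookup should be balanced with `put_device(&pdev_si->dev);` and `put_device(&pdev_siram->dev);` once the pointer is no longer needed, including on the error exits. Otherwise the device reference counts are never balanced. The function body starts and ends outside this hunk, so a put elsewhere cannot be ruled out from here.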
@@ -150,8 +150,8 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
goto err_miss_siram_property;
}
- pdev = of_find_device_by_node(np2);
- if (!pdev) {
+ pdev_siram = of_find_device_by_node(np2);
+ if (!pdev_siram) {
ret = -EINVAL;
pr_err("%pOFn: failed to lookup pdev\n", np2);
of_node_put(np2);
@@ -159,8 +159,8 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
}
of_node_put(np2);
- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- utdm->siram = devm_ioremap_resource(&pdev->dev, res);
+ res = platform_get_resource(pdev_siram, IORESOURCE_MEM, 0);
+ utdm->siram = devm_ioremap_resource(&pdev_siram->dev, res);
if (IS_ERR(utdm->siram)) {
ret = PTR_ERR(utdm->siram);
goto err_miss_siram_property;
@@ -174,7 +174,7 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
return ret;
err_miss_siram_property:
- devm_iounmap(&pdev->dev, utdm->si_regs);
+ devm_iounmap(&pdev_si->dev, utdm->si_regs);
return ret;
}
EXPORT_SYMBOL(ucc_of_parse_tdm);
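Review bot: The `err_miss_siram_property` label is also reached from the `IS_ERR(utdm->si_regs)` branch in the @@ -129 hunk, so `devm_iounmap()` here can be handed an error pointer rather than a live mapping. That branch should leave without unmapping, e.g. `return PTR_ERR(utdm->si_regs);` in place of its `goto`. Separately, devm_ioremap_resource() also reserves the memory region, and devm_iounmap() undoes only the mapping. The region therefore stays claimed after this error path, and a later attempt would likely fail with -EBUSY unless the region is released as well.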
--
2.9.5
On Thu, Nov 22, 2018 at 2:42 PM Yi Wang <[email protected]> wrote:
>
> From: Wen Yang <[email protected]>
>
> Currently there are 2 problems with the ucc_of_parse_tdm function:
> 1,a possible null pointer dereference in ucc_of_parse_tdm,
> detected by the semantic patch deref_null.cocci,
> with the following warning:
> drivers/soc/fsl/qe/qe_tdm.c:177:21-24: ERROR: pdev is NULL but dereferenced.
> 2,dev gets modified, so in any case that devm_iounmap() will fail even when
> the new pdev is valid, because the iomap was done with a different pdev.
> This patch fixes them.
While we are at this, I think this logic needs more serious fixing. I
see there is no driver bound to the "fsl,t1040-qe-si" or
"fsl,t1040-qe-siram" device. So allocating resources using devm_*()
with these devices won't provide a cleanup path for these resources
when the caller fails. I think we should probably allocate the resources
under the caller's device (e.g. ucc-hdlc), so that when the caller's probe
fails or the caller is removed, it will trigger the cleanup.
>
> Suggested-by: Christophe LEROY <[email protected]>
> Signed-off-by: Wen Yang <[email protected]>
> CC: Julia Lawall <[email protected]>
> CC: Zhao Qiang <[email protected]>
> ---
> drivers/soc/fsl/qe/qe_tdm.c | 20 ++++++++++----------
> 1 file changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/soc/fsl/qe/qe_tdm.c b/drivers/soc/fsl/qe/qe_tdm.c
> index f78c346..9a29f0b 100644
> --- a/drivers/soc/fsl/qe/qe_tdm.c
> +++ b/drivers/soc/fsl/qe/qe_tdm.c
> @@ -47,7 +47,7 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
> struct resource *res;
> struct device_node *np2;
> static int siram_init_flag;
> - struct platform_device *pdev;
> + struct platform_device *pdev_si, *pdev_siram;
>
> sprop = of_get_property(np, "fsl,rx-sync-clock", NULL);
> if (sprop) {
> @@ -129,16 +129,16 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
> if (!np2)
> return -EINVAL;
>
> - pdev = of_find_device_by_node(np2);
> - if (!pdev) {
> + pdev_si = of_find_device_by_node(np2);
> + if (!pdev_si) {
> pr_err("%pOFn: failed to lookup pdev\n", np2);
> of_node_put(np2);
> return -EINVAL;
> }
>
> of_node_put(np2);
> - res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> - utdm->si_regs = devm_ioremap_resource(&pdev->dev, res);
> + res = platform_get_resource(pdev_si, IORESOURCE_MEM, 0);
> + utdm->si_regs = devm_ioremap_resource(&pdev_si->dev, res);
> if (IS_ERR(utdm->si_regs)) {
> ret = PTR_ERR(utdm->si_regs);
> goto err_miss_siram_property;
> @@ -150,8 +150,8 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
> goto err_miss_siram_property;
> }
>
> - pdev = of_find_device_by_node(np2);
> - if (!pdev) {
> + pdev_siram = of_find_device_by_node(np2);
> + if (!pdev_siram) {
> ret = -EINVAL;
> pr_err("%pOFn: failed to lookup pdev\n", np2);
> of_node_put(np2);
> @@ -159,8 +159,8 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
> }
>
> of_node_put(np2);
> - res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> - utdm->siram = devm_ioremap_resource(&pdev->dev, res);
> + res = platform_get_resource(pdev_siram, IORESOURCE_MEM, 0);
> + utdm->siram = devm_ioremap_resource(&pdev_siram->dev, res);
> if (IS_ERR(utdm->siram)) {
> ret = PTR_ERR(utdm->siram);
> goto err_miss_siram_property;
> @@ -174,7 +174,7 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
> return ret;
>
> err_miss_siram_property:
> - devm_iounmap(&pdev->dev, utdm->si_regs);
> + devm_iounmap(&pdev_si->dev, utdm->si_regs);
> return ret;
> }
> EXPORT_SYMBOL(ucc_of_parse_tdm);
> --
> 2.9.5
>
Hi Wen,
Will you send another version to resolve the issue described in the comments?
BR
Qiang
> -----Original Message-----
> From: Li Yang <[email protected]>
> Sent: 2018年12月6日 4:10
> To: [email protected]
> Cc: Qiang Zhao <[email protected]>; [email protected]; lkml
> <[email protected]>; [email protected]; linuxppc-dev
> <[email protected]>; [email protected]; moderated
> list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE
> <[email protected]>
> Subject: Re: [PATCH] soc/fsl/qe: fix err handling of ucc_of_parse_tdm
>
> On Thu, Nov 22, 2018 at 2:42 PM Yi Wang <[email protected]> wrote:
> >
> > From: Wen Yang <[email protected]>
> >
> > Currently there are 2 problems with the ucc_of_parse_tdm function:
> > 1,a possible null pointer dereference in ucc_of_parse_tdm, detected by
> > the semantic patch deref_null.cocci, with the following warning:
> > drivers/soc/fsl/qe/qe_tdm.c:177:21-24: ERROR: pdev is NULL but
> dereferenced.
> > 2,dev gets modified, so in any case that devm_iounmap() will fail even
> > when the new pdev is valid, because the iomap was done with a different
> pdev.
> > This patch fixes them.
>
> While we are at this, I think this logic need more serious fixing. I see there is
> no driver bind with the "fsl,t1040-qe-si" or "fsl,t1040-qe-siram" device. So
> allocating resources using devm_*() with these devices won't provide a
> cleanup path for these resources when the caller fails. I think we should
> probably allocate resource under device of caller (e.g. ucc-hdlc), so that when
> caller probe fails or is removed it will trigger the cleanup.
>
> >
> > Suggested-by: Christophe LEROY <[email protected]>
> > Signed-off-by: Wen Yang <[email protected]>
> > CC: Julia Lawall <[email protected]>
> > CC: Zhao Qiang <[email protected]>
> > ---
> > drivers/soc/fsl/qe/qe_tdm.c | 20 ++++++++++----------
> > 1 file changed, 10 insertions(+), 10 deletions(-)
> >
> > diff --git a/drivers/soc/fsl/qe/qe_tdm.c b/drivers/soc/fsl/qe/qe_tdm.c
> > index f78c346..9a29f0b 100644
> > --- a/drivers/soc/fsl/qe/qe_tdm.c
> > +++ b/drivers/soc/fsl/qe/qe_tdm.c
> > @@ -47,7 +47,7 @@ int ucc_of_parse_tdm(struct device_node *np, struct
> ucc_tdm *utdm,
> > struct resource *res;
> > struct device_node *np2;
> > static int siram_init_flag;
> > - struct platform_device *pdev;
> > + struct platform_device *pdev_si, *pdev_siram;
> >
> > sprop = of_get_property(np, "fsl,rx-sync-clock", NULL);
> > if (sprop) {
> > @@ -129,16 +129,16 @@ int ucc_of_parse_tdm(struct device_node *np,
> struct ucc_tdm *utdm,
> > if (!np2)
> > return -EINVAL;
> >
> > - pdev = of_find_device_by_node(np2);
> > - if (!pdev) {
> > + pdev_si = of_find_device_by_node(np2);
> > + if (!pdev_si) {
> > pr_err("%pOFn: failed to lookup pdev\n", np2);
> > of_node_put(np2);
> > return -EINVAL;
> > }
> >
> > of_node_put(np2);
> > - res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> > - utdm->si_regs = devm_ioremap_resource(&pdev->dev, res);
> > + res = platform_get_resource(pdev_si, IORESOURCE_MEM, 0);
> > + utdm->si_regs = devm_ioremap_resource(&pdev_si->dev, res);
> > if (IS_ERR(utdm->si_regs)) {
> > ret = PTR_ERR(utdm->si_regs);
> > goto err_miss_siram_property; @@ -150,8 +150,8 @@
> int
> > ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
> > goto err_miss_siram_property;
> > }
> >
> > - pdev = of_find_device_by_node(np2);
> > - if (!pdev) {
> > + pdev_siram = of_find_device_by_node(np2);
> > + if (!pdev_siram) {
> > ret = -EINVAL;
> > pr_err("%pOFn: failed to lookup pdev\n", np2);
> > of_node_put(np2);
> > @@ -159,8 +159,8 @@ int ucc_of_parse_tdm(struct device_node *np, struct
> ucc_tdm *utdm,
> > }
> >
> > of_node_put(np2);
> > - res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> > - utdm->siram = devm_ioremap_resource(&pdev->dev, res);
> > + res = platform_get_resource(pdev_siram, IORESOURCE_MEM, 0);
> > + utdm->siram = devm_ioremap_resource(&pdev_siram->dev, res);
> > if (IS_ERR(utdm->siram)) {
> > ret = PTR_ERR(utdm->siram);
> > goto err_miss_siram_property; @@ -174,7 +174,7 @@
> int
> > ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm,
> > return ret;
> >
> > err_miss_siram_property:
> > - devm_iounmap(&pdev->dev, utdm->si_regs);
> > + devm_iounmap(&pdev_si->dev, utdm->si_regs);
> > return ret;
> > }
> > EXPORT_SYMBOL(ucc_of_parse_tdm);
> > --
> > 2.9.5
> >