Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755355AbbESIxn (ORCPT ); Tue, 19 May 2015 04:53:43 -0400 Received: from mailout3.samsung.com ([203.254.224.33]:59108 "EHLO mailout3.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753711AbbESIxh (ORCPT ); Tue, 19 May 2015 04:53:37 -0400 X-AuditID: cbfee691-f79ca6d00000456a-c1-555afa0b16a3 Date: Tue, 19 May 2015 08:53:31 +0000 (GMT) From: Maninder Singh Subject: [EDT][PATCh 1/1]mdfld_dsi_pkg_sender.c : Fix Possible NULL Pointer dereference To: airlied@linux.ie, treding@nvidia.com, damien.lespiau@intel.com, airlied@redhat.com, alan@linux.intel.com, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org Cc: "v.narang@samsung.com" Reply-to: maninder1.s@samsung.com MIME-version: 1.0 X-MTR: 20150519081215537@maninder1.s Msgkey: 20150519081215537@maninder1.s X-EPLocale: en_US.windows-1252 X-Priority: 3 X-EPWebmail-Msg-Type: personal X-EPWebmail-Reply-Demand: 0 X-EPApproval-Locale: X-EPHeader: ML X-MLAttribute: X-RootMTR: 20150519081215537@maninder1.s X-ParentMTR: X-ArchiveUser: X-CPGSPASS: N X-ConfirmMail: N,general Content-type: text/plain; charset=windows-1252 MIME-version: 1.0 Message-id: <884113296.400791432025608568.JavaMail.weblogic@ep2mlwas07b> X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGIsWRmVeSWpSXmKPExsWyRsSkWpf7V1Sowd49BhaXd81hc2D0+LxJ LoAxissmJTUnsyy1SN8ugSvj1J+fzAUbRCqWXPvD1sD4QriLkZNDSEBNYtHex2wgtoSAicTb TSehbDGJC/fWA9lcQDVLGSVOvOhghSlaeKWdHSIxh1GisWk/SxcjBweLgKpEy/RwkBo2AX2J s3vXMYPYwgLhEnO+T2YBqRcRuMUocW/6YkaQBLOAoURHz11GiCsUJdbfeAJm8woISpyc+YQF YpmKxLLG41BxVYnOdxC2hICcxJKpl5kgbF6JGe1PWWDi076uYYawpSXOz9rACPPN4u+PoeL8 Esdu74DqFZCYeuYgVI2mxKF9d6Hm8EmsWfiWBaZ+16nlzDC77m+ZC9UrIbG15QkrxC+KElO6 H7JD2AYSRxbNYUX3C6+Ah8TSVSuZQQEhIdDLIXFi6QGmCYxKs5DUzUIyaxaSWchqFjCyrGIU TS1ILihOSi8y1StOzC0uzUvXS87P3cQITA6n/z2buIPx/gHrQ4wCHIxKPLwR9VGhQqyJZcWV uYcYTYHxNJFZSjQ5H5iC8kriDY3NjCxMTUyNjcwtzZTEeXWkfwYLCaQnlqRmp6YWpBbFF5Xm pBYfYmTi4JRqYHTm/n615MwMy2YzjinCW1wfvX2XyPbGV1NFybtOh+u5rfDK9PMP2zYGtqib HXybqZAspHTJr3NdSeUizjqm+uk758p+bLl/VFa2/Ge4p4XrmQvVM5eymgtxlj1yneYk/nrG 1MYZlUvCxCco1OhGrN3xLi6CP8ztuqHXiqOJj/dWJQovcNR7q8RSnJFoqMVcVJwIAONs2s8J AwAA X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrOKsWRmVeSWpSXmKPExsVy+t/tXl3uX1GhBjeuaVlc3jWHzYHR4/Mm uQDGqDSbjNTElNQihdS85PyUzLx0WyXv4HjneFMzA0NdQ0sLcyWFvMTcVFslF58AXbfMHKCh SgpliTmlQKGAxOJiJX07m6L80pJUhYz84hJbpWhDcyM9IwM9UyM9Q9NYK0MDAyNToJqEtIxT f34yF2wQqVhy7Q9bA+ML4S5GTg4hATWJRXsfs4HYEgImEguvtLND2GISF+6tB4pzAdXMYZRo bNrP0sXIwcEioCrRMj0cpIZNQF/i7N51zCC2sEC4xJzvk1lA6kUEbjFK3Ju+mBEkwSxgKNHR c5cRYpmixPobT8BsXgFBiZMzn7BALFORWNZ4HCquKtH5DsKWEJCTWDL1MhOEzSsxo/0pC0x8 2tc1zBC2tMT5WRsYYY5e/P0xVJxf4tjtHVC9AhJTzxyEqtGUOLTvLtQcPok1C9+ywNTvOrWc GWbX/S1zoXolJLa2PGGF+EVRYkr3Q3YI20DiyKI5rOh+4RXwkFi6aiXzBEbZWUhSs5C0z0LS jqxmASPLKkbR1ILkguKk9AoTveLE3OLSvHS95PzcTYzgRPRsyQ7GhgvWhxgFOBiVeHgj6qNC hVgTy4orcw8xSnAwK4nwSn4GCvGmJFZWpRblxxeV5qQWH2I0BcbaRGYp0eR8YJLMK4k3NDYx NzU2tTAwNDc3UxLn/X8uN0RIID2xJDU7NbUgtQimj4mDU6qBsXdr+oynr867qfs+Vtzh/e7o r6CqSe0rLxeltfrxljl8zJ49/+sjgZANRdf97Bv3pNrdqLI2MtjBzpWiaHqN6Ql3rl2Y7Jon 969LRW5i0d19eIp6767YilertRMy3NRvm7id5708x4KjYdfNqY0R2f5HcqdmWKmqRaXLz9rh 9OKct4XrS4GdSizFGYmGWsxFxYkAHynLEVoDAAA= DLP-Filter: Pass X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by nfs id t4J8roFP032259 Content-Length: 2060 Lines: 60 EP-AA9D1F29B02341529D96C06444D8471D Hi, There is NULL pointer check for sender after dereferencing sender in __read_panel_data as below:- struct drm_device *dev = sender->dev; ... if (!sender || !data || !len) And from codeflow mdfld_dsi_get_panel_status --> mdfld_dsi_read_mcs --> __read_panel_data In mdfld_dsi_get_panel_status & mdfld_dsi_read_mcs there is already a same check. -----------Cut------------ if (!sender || !data || !len) { DRM_ERROR("Invalid parameters\n"); return -EINVAL; } return __read_panel_data(sender, MIPI_DSI_DCS_READ, &cmd, 1, data, len, hs); --------------------Cut----------- So either we can remove this check from __read_panel_data , or if we want to have defensive code then below change should be included. Subject: [PATCH 1/1] mdfld_dsi_pkg_sender.c : Initialize dev struct after NULL check of sender Signed-off-by: Maninder Singh Reviewed-By: Vaneet Narang --- drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c index 6b43ae3..6f2b2c9 100644 --- a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c +++ b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c @@ -520,7 +520,7 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender *sender, u8 data_type, u8 *data, u16 len, u32 *data_out, u16 len_out, bool hs) { unsigned long flags; - struct drm_device *dev = sender->dev; + struct drm_device *dev; int i; u32 gen_data_reg; int retry = MDFLD_DSI_READ_MAX_COUNT; @@ -530,6 +530,8 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender *sender, u8 data_type, return -EINVAL; } + dev = sender->dev; + /** * do reading. * 0) send out generic read request -- 1.7.1 Thanks Maninder????{.n?+???????+%?????ݶ??w??{.n?+????{??G?????{ay?ʇڙ?,j??f???h?????????z_??(?階?ݢj"???m??????G????????????&???~???iO???z??v?^?m???? ????????I?