MIME-Version: 1.0
In-Reply-To: <20151112085312.GF24008@pengutronix.de>
References: <1447314423-31225-1-git-send-email-clabbe.montjoie@gmail.com>
	<CAH6sp9OhB3y=0GazcL5Lj-C5z-pRerncQ_KQM0xpP3nmAqF_gw@mail.gmail.com>
	<20151112082617.GE24008@pengutronix.de>
	<CAH6sp9PyGqxn6gaes=SPinXmqK5ySLax-3KZ3uu=6Y4_Uc+d5A@mail.gmail.com>
	<20151112085312.GF24008@pengutronix.de>
Date: Thu, 12 Nov 2015 09:57:07 +0100
Message-ID: <CAH6sp9MX25TX2n6F7EcC1y=xmvffhkpO488xWHy6QXjsBM2VHA@mail.gmail.com>
Subject: Re: [PATCH] mtd: nand: mxc_nand: fix a possible NULL dereference
From: Frans Klaver <fransklaver@gmail.com>
To: =?UTF-8?Q?Uwe_Kleine=2DK=C3=B6nig?= 
	<u.kleine-koenig@pengutronix.de>
Cc: LABBE Corentin <clabbe.montjoie@gmail.com>, baruch@tkos.co.il,
        Brian Norris <computersforpeace@gmail.com>,
        David Woodhouse <dwmw2@infradead.org>,
        =?UTF-8?Q?Krzysztof_Koz=C5=82owski?= <k.kozlowski.k@gmail.com>,
        Luis de Bethencourt <luis@debethencourt.com>, kernel@pengutronix.de,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 2642
Lines: 69

On Thu, Nov 12, 2015 at 9:53 AM, Uwe Kleine-König
<u.kleine-koenig@pengutronix.de> wrote:
> CC += devicetree@vger.kernel.org, gregkh

You added linux@pengutronix instead of devicetree.

>
> On Thu, Nov 12, 2015 at 09:36:55AM +0100, Frans Klaver wrote:
>> On Thu, Nov 12, 2015 at 9:26 AM, Uwe Kleine-König
>> <u.kleine-koenig@pengutronix.de> wrote:
>> > On Thu, Nov 12, 2015 at 09:03:11AM +0100, Frans Klaver wrote:
>> >> Hi,
>> >>
>> >> On Thu, Nov 12, 2015 at 8:46 AM, LABBE Corentin
>> >> <clabbe.montjoie@gmail.com> wrote:
>> >> > of_match_device could return NULL, and so cause a NULL pointer
>> >> > dereference later.
>> >>
>> >> Did you actually run into this? It seems to me that this driver is
>> >> only probed if and only if we have a match and that therefore
>> >> of_match_device will always return a valid pointer (it is using the
>> >> same match table). Am I missing something?
>> >
>> > Yes, you're missing something. The driver would probe for a dt snippet
>> > like:
>> >
>> >         mxc_nand {
>> >                 compatible = "foobar";
>> >         }
>> >
>> > In this case dev->of_node is non-NULL but of_match_device(mxcnd_dt_ids,
>> > dev) is.
>> >
>> > (I didn't actually test this, so there is a chance I'm wrong here. And
>> > if not I wonder if it is sensible at all to match the device name on
>> > driver name for of-created platform devices.)
>>
>> Yea, looks like you're right. platform devices check a number of
>> things to determine a match, among which is driver name if all else
>> fails (platform.c, platform_match()).
>
> Maybe something like this would help to reduce surprises:
>
> diff --git a/drivers/base/platform.c b/drivers/base/platform.c
> index f80aaaf9f610..a9fc22c86552 100644
> --- a/drivers/base/platform.c
> +++ b/drivers/base/platform.c
> @@ -840,8 +840,8 @@ static int platform_match(struct device *dev, struct device_driver *drv)
>                 return !strcmp(pdev->driver_override, drv->name);
>
>         /* Attempt an OF style match first */
> -       if (of_driver_match_device(dev, drv))
> -               return 1;
> +       if (pdev->dev.of_node)
> +               return of_driver_match_device(dev, drv);
>
>         /* Then try ACPI style match */
>         if (acpi_driver_match_device(dev, drv))

That looks sensible, yea. There is a chance that misbehaving DT nodes
will fail after this change, of course.

Thanks,
Frans
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/