Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753031AbdHJQX7 (ORCPT <rfc822;w@1wt.eu>);
        Thu, 10 Aug 2017 12:23:59 -0400
Received: from mailout1.samsung.com ([203.254.224.24]:49000 "EHLO
        mailout1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752231AbdHJQX5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Aug 2017 12:23:57 -0400
X-AuditID: b6c32a46-f790d6d000003bf5-75-598c889a60a2
Subject: Re: [PATCH] ASoC: samsung: i2s: Null pointer dereference on
 samsung_i2s_remove
To: Anton Vasilyev <vasilyev@ispras.ru>
Cc: Krzysztof Kozlowski <krzk@kernel.org>,
        Sangbeom Kim <sbkim73@samsung.com>,
        Liam Girdwood <lgirdwood@gmail.com>, Mark Brown <broonie@kernel.org>,
        Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
        alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org,
        ldv-project@linuxtesting.org
From: Sylwester Nawrocki <s.nawrocki@samsung.com>
Message-id: <152db371-4fe3-0c49-64c9-200fd3ebfbc8@samsung.com>
Date: Thu, 10 Aug 2017 18:23:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
        Thunderbird/52.2.1
MIME-version: 1.0
In-reply-to: <1502380599-13535-1-git-send-email-vasilyev@ispras.ru>
Content-type: text/plain; charset="utf-8"; format="flowed"
Content-language: en-GB
Content-transfer-encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA02Se0hTYRjG+bazs+Nwcpy3F82KVVSC14QOapIYcTAD/yjSyHLqYYpO16aS
        gRcMczpTyyw5KAlFlilemvMSiLjSEO9O07zlGhKmFSpaiJLbUfC/3/e87/s93/PyEXxJv8CV
        SExJY1QpsmQpLsL0hrPnPVlNcZTP+IAbZRzt4VEVi2acGh5uElK12iKM2jRqeNR4ZxVOFXaW
        CqjRNxs8qmmrAVHaF8kXRXTTeh5Od7BzQrpytwLRLXWFOD37c0dAd62+xukSXR2iG3UTGL3e
        cjTC5qYoKJ5JTsxgVN7BMaKEblOckhXd6xhZ5+Wid0QRsiGA9AdD86CAY2cYmW/ELSwh2xG0
        vkwvQqI9Xkcwb/rKOxj41f9dyBUaEDQYjTxuYgHB2B9vCzuQUfBkZ8OqO5KnoeJbHt/CfLKV
        B9s7yMI46QuPPpVYWUwGQ9vHSaszRp6CD2srVt2JjAT9ViXO9djD3/J5zMI2ZChUzhkx7s4A
        WNrNF3DsAr0L04jjY/C+fpXPPdokhC+Pw4sQscfu0NK9L18CXUUtzrEDLPfphBy7glbDWjMC
        WYrgc/0DxB0qEcwWlO1vIhAMfaP7xnagMewIOQMxaB5KOKTBNG/HdYfAytJbAbe3ZwgMP8zC
        MnScPRSNPRSHPRSHPRSnBmF1yJlRqhVyRu2n9PNSyxTq9BS5V1yqogVZf5jH5Xb0aii8B5EE
        ktqKY5y0URKBLEOdqehBQPCljmJNZnGURBwvy7zPqFLvqNKTGXUPciMwqYs4Wz8ZKSHlsjQm
        iWGUjOqgyiNsXHNRtWHGnNRsDsh5Pl7s5G3CS4Lb+Fly55NbPnN+ysEqj7rr5pzWaM8as8o/
        sW3UiT0yFFKgX7u2WPI0OyIsTN+V9Q8GVP0enoxj7/TtK935J9wn/BtvpMXmJ2yG3sorWDjH
        LtvPTMZO6X9DdZXt1egLq53eU7GB5WeqBse27zJBUkydIPP14KvUsv/js6+YXQMAAA==
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrLIsWRmVeSWpSXmKPExsVy+t9jQd2ZHT2RBhu69SyuXDzEZDH14RM2
        i/PnN7BbLO/uYrH4dqWDyeLyrjlsFp27+lktLq74wmSx4ftaRovu+TkOXB4bPjexeeycdZfd
        Y8a/qYwem1Z1snncef2X1WPf22VsHn1bVjF6rN9ylcXj8ya5AM4oN5uM1MSU1CKF1Lzk/JTM
        vHRbpdAQN10LJYW8xNxUW6UIXd+QICWFssScUiDPyAANODgHuAcr6dsluGUceJRcMIurYueF
        z0wNjKs5uhg5OSQETCTenXrMDmGLSVy4t56ti5GLQ0hgNaPE4SsroJyHjBJ3n0wDqxIWiJSY
        9PcLE4gtIqAuMfVBEzOIzSywlUliy8JciIYZjBId+w8wgiTYBAwleo/2gdm8AnYS249cYwOx
        WQRUJXZ/egMWFxWIkOh7e5kdokZQ4sfkeywgNqeAs8SMu1dYIBaYSXx5eZgVwhaXOHb/JiOE
        LS+xec1b5gmMgrOQtM9C0jILScssJC0LGFlWMYqlFhTnpucWGxUY6RUn5haX5qXrJefnbmIE
        RvW2w1oBOxibzkUfYhTgYFTi4eUQ7o4UYk0sK67MPcQowcGsJMLbUdkTKcSbklhZlVqUH19U
        mpNafIjRFOi9icxSosn5wISTVxJvaGJpZGJgZmZoZGBspiTOOyHwS4SQQHpiSWp2ampBahFM
        HxMHp1QDo3Z/wvPZMU1vFz3Ml5jDu9XSTeRIBGfD7k9PGDQLFy1Sj02cl/2G6diUaVpudR19
        WRdV/tpP8F/w4PyDxgAF0RU//eVFUteGH/cuk4j3cTur1uKmwCOz4G2HFwsXu/Fcgfmvfr65
        LlfvJH/o/4eruhl1LXLrPoa3h6wI+3Hw+iLdM7s/bb9wSomlOCPRUIu5qDgRACkhEtkAAwAA
X-MTR: 20000000000000000@CPGS
X-CMS-MailID: 20170810162353epcas2p3a8e703782cc945bae03cc408fdb787f6
X-Msg-Generator: CA
X-Sender-IP: 182.195.42.80
X-Local-Sender: =?UTF-8?B?U3lsd2VzdGVyIE5hd3JvY2tpG1NSUE9MLUtlcm5lbCAoVFAp?=
        =?UTF-8?B?G+yCvOyEseyghOyekBtTZW5pb3IgU29mdHdhcmUgRW5naW5lZXI=?=
X-Global-Sender: =?UTF-8?B?U3lsd2VzdGVyIE5hd3JvY2tpG1NSUE9MLUtlcm5lbCAoVFAp?=
        =?UTF-8?B?G1NhbXN1bmcgRWxlY3Ryb25pY3MbU2VuaW9yIFNvZnR3YXJlIEVuZ2luZWVy?=
X-Sender-Code: =?UTF-8?B?QzEwG0VIURtDMTBDRDAyQ0QwMjczOTI=?=
CMS-TYPE: 102P
X-CMS-RootMailID: 20170810155722epcas3p231f6d4733d933b10461db96d9065674a
X-RootMTR: 20170810155722epcas3p231f6d4733d933b10461db96d9065674a
References: <CGME20170810155722epcas3p231f6d4733d933b10461db96d9065674a@epcas3p2.samsung.com>
        <1502380599-13535-1-git-send-email-vasilyev@ispras.ru>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1268
Lines: 38

On 08/10/2017 05:56 PM, Anton Vasilyev wrote:
> If (quirks & QUIRK_SEC_DAI == 0) then samsung_i2s_probe() doesn't allocate
> sec_dai and pri_dai->sec_dai remains Null, but samsung_i2s_remove()
> permorms pri_dai->sec_dai dereference in any case.

s/permorms/performs

> The patch adds sec_dai check on Null before derefence at
> samsung_i2s_remove().
> 
> Found by Linux Driver Verification project (linuxtesting.org).
> 
> Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
> ---
>   sound/soc/samsung/i2s.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/sound/soc/samsung/i2s.c b/sound/soc/samsung/i2s.c
> index af3ba4d..6beeea8 100644
> --- a/sound/soc/samsung/i2s.c
> +++ b/sound/soc/samsung/i2s.c
> @@ -1382,7 +1382,8 @@ static int samsung_i2s_remove(struct platform_device *pdev)
>   	sec_dai = pri_dai->sec_dai;
>   
>   	pri_dai->sec_dai = NULL;
> -	sec_dai->pri_dai = NULL;

Thanks for the patch.  AFAICS above 4 lines could be removed altogether
since pri_dai and sec_dai is being allocated with devm_kzalloc().
So initializing in remove() is meaningless as afterwards the data will
not be used any more.  The memory will be just freed by the devres code.

> +	if (sec_dai)
> +		sec_dai->pri_dai = NULL;

-- 
Regards,
Sylwester