Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752142AbdLGX4D (ORCPT ); Thu, 7 Dec 2017 18:56:03 -0500 Received: from gateway36.websitewelcome.com ([192.185.195.25]:48013 "EHLO gateway36.websitewelcome.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750862AbdLGX4C (ORCPT ); Thu, 7 Dec 2017 18:56:02 -0500 Date: Thu, 07 Dec 2017 17:56:00 -0600 Message-ID: <20171207175600.Horde.iPyyItaiS1jkRumLr0xb-iw@gator4166.hostgator.com> From: "Gustavo A. R. Silva" To: Chanwoo Choi Cc: MyungJoo Ham , Kyungmin Park , linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] PM / devfreq: Fix potential NULL pointer dereference in governor_store References: <20171206202015.GA15636@embeddedor.com> <5A289845.5040301@samsung.com> In-Reply-To: <5A289845.5040301@samsung.com> User-Agent: Horde Application Framework 5 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator4166.hostgator.com X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - embeddedor.com X-BWhitelist: no X-Source-IP: 108.167.133.22 X-Source-L: Yes X-Exim-ID: 1eN61J-004KpE-0f X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: gator4166.hostgator.com [108.167.133.22]:56239 X-Source-Auth: garsilva@embeddedor.com X-Email-Count: 1 X-Source-Cap: Z3V6aWRpbmU7Z3V6aWRpbmU7Z2F0b3I0MTY2Lmhvc3RnYXRvci5jb20= X-Local-Domain: yes Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1576 Lines: 55 Hi Chanwoo, Quoting Chanwoo Choi : > On 2017년 12월 07일 05:20, Gustavo A. R. Silva wrote: >> df->governor is being dereferenced before it is null checked, >> hence there is a potential null pointer dereference. >> >> Notice that df->governor is being null checked at line 1004: >> if (df->governor) {, which implies it might be null. >> >> Fix this by null checking df->governor before dereferencing it. >> >> Addresses-Coverity-ID: 1401988 ("Dereference before null check") >> Fixes: bcf23c79c4e4 ("PM / devfreq: Fix available_governor sysfs") >> Signed-off-by: Gustavo A. R. Silva >> --- >> drivers/devfreq/devfreq.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c >> index 78fb496..14fe76b 100644 >> --- a/drivers/devfreq/devfreq.c >> +++ b/drivers/devfreq/devfreq.c >> @@ -996,7 +996,8 @@ static ssize_t governor_store(struct device >> *dev, struct device_attribute *attr, >> if (df->governor == governor) { >> ret = 0; >> goto out; >> - } else if (df->governor->immutable || governor->immutable) { >> + } else if ((df->governor && df->governor->immutable) || >> + governor->immutable) { >> ret = -EINVAL; >> goto out; >> } >> > > Actually, df->governor would be never NULL because devfreq_add_device() > initializes the ->governor always. But, governor_store() doesn't know it. > I got it. > So, looks good to me. > Reviewed-by: Chanwoo Choi > Thank you -- Gustavo A. R. Silva