Received: by 10.192.165.148 with SMTP id m20csp4303376imm; Tue, 8 May 2018 06:26:45 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqlRzUzceK3jdYcope2A7s/UQRiDDadVJN3wnYUnnv0T/zBlQGc2jr3hSGCNiBec/E/00tv X-Received: by 2002:a65:49c3:: with SMTP id t3-v6mr32433941pgs.65.1525786005301; Tue, 08 May 2018 06:26:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525786005; cv=none; d=google.com; s=arc-20160816; b=T4mxQgYsbsMPT1cLadhTGsREfi/SejfmhMk8VotuK7HzWFgjF9sepJbRIFrSrSGPDT ddnhCGi4F0K0EB1w2iNcnFUY5gRrwyhfoInq2DBM+vmtXniRlx+WQRk5RQDK8K+ln+jT xv5epxLErnoBkhA149EvMjF4gZ/wUZkg09MG1Jru2rEBSg1Fd6cGPRmrmfiO0IE+veSC dCCUseQIm4q6zJsdUmHYl3RD0hofQl8KnGcIVa3tWOVhKRfcB6lwt3BTGhbErmUTgbJX UdfD+xCwCH7OJVQkJKCfQF5GMYH2BwqQqRMFd5M+cwEtCVX4ACZNnLKs4l7ylOCSuUIu muoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=ebb7bX61e/qdsQP3oeaQoW0RKfRFcXRcF69/4V2BmWA=; b=LpoM+6Djx6P5aAXoDCZrIgtET5nhBBiSl2mhtxz2To5zylIlhxuf+fzeU+VQzx0cGI P1VWtJJHjXp94LRdMKI7coVqD7/Y/1QHBqpL8MVPu/6v4CImUQ+5eHfK7dzuCTfW2bRz qMpsyUDSq/GLQaVdRcQOZFGV9+M7cX1hG4qV+fP8jc0brnbV06kSOoFa+5pcf64KQFsm ppnhefx4rlVdgBQLVZk2yHaXzmSi8Ge9yY7AjJdCQyvvtsRA4syWewWc2eeA/rpkJYqR pJ1eJ4YvuGLHwHn+V4WiWu7bnTZMmxdzGmRypav2SdYVB54njmdxa9j60ErLYWNNdDNI FRhQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r7-v6si24440761plo.486.2018.05.08.06.26.30; Tue, 08 May 2018 06:26:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754907AbeEHN0Q (ORCPT + 99 others); Tue, 8 May 2018 09:26:16 -0400 Received: from mga01.intel.com ([192.55.52.88]:53010 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751400AbeEHN0P (ORCPT ); Tue, 8 May 2018 09:26:15 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2018 06:26:14 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,378,1520924400"; d="scan'208";a="197679526" Received: from palyons-mobl.ger.corp.intel.com (HELO kekkonen.fi.intel.com) ([10.249.37.231]) by orsmga004.jf.intel.com with ESMTP; 08 May 2018 06:26:11 -0700 Received: by kekkonen.fi.intel.com (Postfix, from userid 1000) id 8D6A421EEF; Tue, 8 May 2018 16:26:10 +0300 (EEST) Date: Tue, 8 May 2018 16:26:10 +0300 From: Sakari Ailus To: Wenwen Wang Cc: Dan Carpenter , "open list:STAGING SUBSYSTEM" , Andy Shevchenko , Greg Kroah-Hartman , Kangjie Lu , "open list:STAGING - ATOMISP DRIVER" , open list , Hans Verkuil , Mauro Carvalho Chehab , Alan Cox Subject: Re: [PATCH] media: staging: atomisp: fix a potential missing-check bug Message-ID: <20180508132610.4wr5vtduy4fjrqm7@kekkonen.localdomain> References: <1525300731-27324-1-git-send-email-wang6495@umn.edu> <20180508121635.mdw4jikv66iyprie@mwanda> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 08, 2018 at 08:04:54AM -0500, Wenwen Wang wrote: > On Tue, May 8, 2018 at 7:16 AM, Dan Carpenter wrote: > > On Wed, May 02, 2018 at 05:38:49PM -0500, Wenwen Wang wrote: > >> At the end of atomisp_subdev_set_selection(), the function > >> atomisp_subdev_get_rect() is invoked to get the pointer to v4l2_rect. Since > >> this function may return a NULL pointer, it is firstly invoked to check > >> the returned pointer. If the returned pointer is not NULL, then the > >> function is invoked again to obtain the pointer and the memory content > >> at the location of the returned pointer is copied to the memory location of > >> r. In most cases, the pointers returned by the two invocations are same. > >> However, given that the pointer returned by the function > >> atomisp_subdev_get_rect() is not a constant, it is possible that the two > >> invocations return two different pointers. For example, another thread may > >> race to modify the related pointers during the two invocations. > > > > You're assuming a very serious race condition exists. > > > > > >> In that > >> case, even if the first returned pointer is not null, the second returned > >> pointer might be null, which will cause issues such as null pointer > >> dereference. > > > > And then complaining that if a really serious bug exists then this very > > minor bug would exist too... If there were really a race condition like > > that then we'd want to fix it instead. In other words, this is not a > > real life bug fix. > > > > But it would be fine as a readability or static checker fix so that's > > fine. > > Thanks for your response. From the performance perspective, this bug > should also be fixed, as the second invocation is redundant if it is > expected to return a same pointer as the first one. The arguments are unchanged so the function returns the same pointer. Btw. this driver is being removed; please see discussion here: -- Sakari Ailus sakari.ailus@linux.intel.com