Subject: Re: [PATCH] thermal: Fix NULL pointer dereference issue
To: Zhang Rui, Mukesh Ojha, linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: amitk@kernel.org
References: <1605544181-5348-1-git-send-email-mojha@codeaurora.org> <4e28affd89ba8a852e0fb7ace076458b3d43839a.camel@intel.com>
From: Daniel Lezcano
Date: Tue, 17 Nov 2020 13:08:59 +0100
X-Mailing-List: linux-kernel@vger.kernel.org

On 17/11/2020 12:27, Zhang Rui wrote:
> On Tue, 2020-11-17 at 09:57 +0100, Daniel Lezcano wrote:
>> On 17/11/2020 08:18, Zhang Rui wrote:
>>> On Mon, 2020-11-16 at 21:59 +0530, Mukesh Ojha wrote:
>>>> Cooling stats variable inside
>>>> thermal_cooling_device_stats_update()
>>>> can get NULL. We should add a NULL check on stat inside for
>>>> sanity.
>>>>
>>>> Signed-off-by: Mukesh Ojha
>>>> ---
>>>> drivers/thermal/thermal_sysfs.c | 3 +++
>>>> 1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/drivers/thermal/thermal_sysfs.c
>>>> b/drivers/thermal/thermal_sysfs.c
>>>> index a6f371f..f52708f 100644
>>>> --- a/drivers/thermal/thermal_sysfs.c
>>>> +++ b/drivers/thermal/thermal_sysfs.c
>>>> @@ -754,6 +754,9 @@ void
>>>> thermal_cooling_device_stats_update(struct
>>>> thermal_cooling_device *cdev,
>>>> {
>>>> struct cooling_dev_stats *stats = cdev->stats;
>>>>
>>>> + if (!stats)
>>>> + return;
>>>> +
>>>
>>> May I know in which case stats can be NULL?
>>> The only possibility I can see is that cdev->ops->get_max_state()
>>> fails
>>> in cooling_device_stats_setup(), right?
>>
>> A few lines below, the allocation could fail.
>>
>>     stats = kzalloc(var, GFP_KERNEL);
>>     if (!stats)
>>         return;
>>
>> Some drivers define themselves as a cooling device state to let the
>> userspace to act on their power. The screen brightness is one example
>> with a cdev with 1024 states, the resulting stats table to be
>> allocated
>> is very big and the kzalloc is prone to fail.
>>
> Oh, right.
> As we're not going to fix the cdev, so I think we do need this patch,
> right?

If the allocation fails at this level of initialization there is clearly
something wrong. I'm wondering if it would make sense to report back an
error and make thermal_cooling_device_register to fail. Having an
allocation failing and silently ignore it sounds like not very robust IMO.

--
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog
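
Review bot: the new `if (!stats) return;` at the top of thermal_cooling_device_stats_update() carries no comment, and the changelog only says stats "can get NULL" without naming the path that leaves cdev->stats unset. Please state that path in the commit message (the thread points at the setup-time allocation failing) and add a one-line comment above the check, so a reader of this function knows the NULL is an expected "stats unavailable" state rather than a masked bug. The early return also makes the update a silent no-op, so a cooling device whose stats were never set up gives no indication of it here; if that state is meant to be tolerated, a warning where the setup fails would make it visible. Whether other users of cdev->stats need the same guard cannot be judged from this hunk and is worth confirming.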