Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp136820pxv; Thu, 24 Jun 2021 04:45:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxxDEf2EegnlMithAsSPS1JHB4TsajXmxjHl/07+IfFfjw5PvM+jDRc9TOLQj+n1D0I9zUB X-Received: by 2002:a05:6e02:1c86:: with SMTP id w6mr3113460ill.92.1624535135845; Thu, 24 Jun 2021 04:45:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624535135; cv=none; d=google.com; s=arc-20160816; b=0aNX82GFhGJN0vkXGcJxi0gu/D9Fj9wCOxhKFIzAuNWr/wq/WTO0r8Uc7+i1qtnWYv +y+jL8aZpDycK04veRT3Awy4vuIn//4KS9BnRSPUnrz1YZzAbQWhlvq0UsZ+94QvWhXY zvo6Gk3wM9yYcg4DJywxTrSMFkXy0px/2bNYGMDLh15pDatVkXX/OcAozhFKlEnxBiTS t7457PJhLixSNv3mvyf57Jupt0C/5b1FcTVzemwRVQZ+S5FruXslJQngdgUuvm45mlRS a3Ig1I2DuZlq2vk9GLNYa3//KKPbkaJRNyAxg1KWgSe7/pQIXPxclGDJcYdZQZJ7a59n OHjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=1Ig3P7A8JXj+uukL/1yoFK5ggDT+xB/0kaOXGt4aCDg=; b=p9ThytWW4USwJl/Ejq3uE3D1nig/ITIrFP7yJXA2336lFwNRGC+UtVJy+LJlNo0cQ7 9OTwDppnYzoGaytycjviJUsoBU7kPSoak785ag02YiFfvGcvAHGUrwqZmohF7tnybXoQ W/2pAvFzjooSGG3XH6ohxxhvylXkl4LvPmXt7SvUD5WR+SnpNAe/0Q+C7e87r3Cp1gq7 gGkzdKefsfKklJxUf+idrhQmXANVTjmXwrmnw053t22G7lTxAKXDNLoOT9vMtxjWpY1y CDAWYSzKrlBjVPmTrN/MSVCJqMclGX/gim+yF8zRQO7nubHlanWTlz37GWJ0lYpHHkfL BKCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pOBNTFp1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x3si2177994ion.71.2021.06.24.04.45.23; Thu, 24 Jun 2021 04:45:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pOBNTFp1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229831AbhFXLrP (ORCPT + 99 others); Thu, 24 Jun 2021 07:47:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:45728 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229445AbhFXLrO (ORCPT ); Thu, 24 Jun 2021 07:47:14 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 50CAC613CE; Thu, 24 Jun 2021 11:44:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1624535095; bh=rkb7g6RrAfrtdrgd6Tf8cTWBC4nfH976znPeOl4qto8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=pOBNTFp1wns21bK3cLVRk+Gx0uwFKSuUkiNXGgF8lJ7oHx7CdPZSz0X8df5GB9ut0 inrihUnaENK56JOUoyUB79YeXB+V5DTXSj/UAJirL9l5zNlL+SEPluM5oezcjmfdOy 4WUhd/dk/L9VvncpkGiZSXKeK6g0cKi1SRyV/+QEqr99kV3WLC35Fp1YamAk1pHg3A HKUy3VS/+/JYbATqqY2JrwyKhwG1nJUXFMssruuy+Nw4dH8odMSj8jnsWfTZ3SIPFv TKaWoGhifozLOjj/ECn+Vapfb+eA+o85RSq9fMk5eOpAIyS3kAczx0GcE1T5dSocY+ HCwIRr7MWJLZg== Date: Thu, 24 Jun 2021 12:44:31 +0100 From: Mark Brown To: lijian_8010a29@163.com Cc: linux-spi@vger.kernel.org, linux-kernel@vger.kernel.org, lijian Subject: Re: [PATCH] spi: spi-topcliff-pch: Fixed the possible null pointer exception issue Message-ID: <20210624114430.GB3912@sirena.org.uk> References: <20210624105056.167233-1-lijian_8010a29@163.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="z6Eq5LdranGa6ru8" Content-Disposition: inline In-Reply-To: <20210624105056.167233-1-lijian_8010a29@163.com> X-Cookie: World War III? No thanks! User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --z6Eq5LdranGa6ru8 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 24, 2021 at 06:50:56PM +0800, lijian_8010a29@163.com wrote: > From: lijian >=20 > The 'data->pkt_tx_buff' is used after called > =E2=80=98kfree(data->pkt_tx_buff)=E2=80=99,it may be null when it is call= ed, > and null pointer exception may occur, > so judgment is added when using 'data->pkt_tx_buff'. > - if (data->cur_trans->tx_buf !=3D NULL) { > + if ((data->cur_trans->tx_buf !=3D NULL) && (data->pkt_tx_buff !=3D NULL= )) { > if (*bpw =3D=3D 8) { > tx_buf =3D data->cur_trans->tx_buf; > for (j =3D 0; j < data->bpw_len; j++) > @@ -621,8 +621,10 @@ static void pch_spi_set_tx(struct pch_spi_data *data= , int *bpw) > __func__); > pch_spi_writereg(data->master, PCH_SSNXCR, SSN_LOW); > =20 > - for (j =3D 0; j < n_writes; j++) > - pch_spi_writereg(data->master, PCH_SPDWR, data->pkt_tx_buff[j]); > + if (data->pkt_tx_buff !=3D NULL) { > + for (j =3D 0; j < n_writes; j++) I've not checked to make sure that the dereference can happen but if it does and these checks prevent dereferences it seems that they do so by simply skipping the writes that were happening which will result in the driver just silently dropping data, probably creating serious problems for whatever SPI device is attached. We should ideally carry on with the transmit, or at the very least return an error if things fail. --z6Eq5LdranGa6ru8 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmDUcB4ACgkQJNaLcl1U h9BKBwf8Cbf2h7wD7pP0qwku78wjJrZXdhvRVLqCX5SUPv6gZqKBJJSrd5ZoABPS TDSuXhf6FOhYQclnv1tt2YmiYZehAxVh613gUzOoXB/vYqyteY2wsvEzV/Fgo+E6 hFSjGDpixzO86/pzC3HQo6HTo1S9mPTkXHPfXDqjB/QnR5oWn5jyJm4ZKhz02PXT z39Eg4N3IBgAXhaiRa3tVAtewboIuswFfG7j/Z/4keMQm2A7uh7oxacjG+jgDyd9 dtmNrnGsSCrxzYT8x2psZgfi6qt2tb4VeDKUt5pXhHinmHPNQcd2IVTB/nycmY8w MzcVsDmrZmGmpjh9IWlusuvMUwBWew== =u7Ze -----END PGP SIGNATURE----- --z6Eq5LdranGa6ru8--