Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp4944376rwb; Sun, 13 Nov 2022 17:48:42 -0800 (PST) X-Google-Smtp-Source: AA0mqf5Hn0dBcKNgbgL7aeBCUToxsBtv2yd/UUvm1+R0ZHObEoB57YDEBGLIXMAG/3pUhrp0k2OX X-Received: by 2002:a50:ed84:0:b0:467:6b91:b591 with SMTP id h4-20020a50ed84000000b004676b91b591mr8431784edr.402.1668390522390; Sun, 13 Nov 2022 17:48:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668390522; cv=none; d=google.com; s=arc-20160816; b=vsYuWHDY2qt9ir6OPv/tqBEbAskuIbEJpxZ8KKYW+96IHcVd7iG/QY2yDT1T5GHzwb JwpkjmeoVkxthf9EvLVWvl5I03/X6/yEvOVbhQYjdCd/frYBD8wY99VDTx5q9iFJkTLi 5vxR+NCACLReOenPLJbguR+vj7sSFXBf4yb6aHrExaazFK9GzKpJZp/7VFf79fiBLOSn yj73s7Fv1MysPpCL7OJbOS/cLuXc+vCr+Hb9I/56l0xI54g2vf2jebmBZMri+wzAjVZb UQikd5kJ4kak4ZlfRlUfEGM+KFZ1oQUbQRHy74vSnslfSlyCgIjGlPQqL8I9/RrWo5J8 i+Cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id; bh=AdRmZGb3a1QxL8sbZZpHLuXrnKlaXEJXS1IxOSIAC4k=; b=Akoynab3E7FHb3IoxSYDXgbtktTzJS8jnmYTeeoVNk+gySpYesqseRdfoMCK6zijm3 wlm+HL6/+QGGkIAKLfuHpYzpEkYg8PX+9n72CKb3BxexTF8zoySWowuevB0cX9q47wLW mrD2JPCUWdliGTkY9gQ6uGP1hwLkfxY0nbPRcshhAknfflqUK8QJ4jGLdiFMK4bmcGU8 V+yribzKlWRi7SFlGzsFXd9+Ary8xsEvciOAaHls6dajuLXPTC5BRid/rxcbBmwvCTwR E7Oyz441d+qJmXahyOXIx1VkXt+K2PMp/4cu7AKWJ5b1qtpHiHCt+wBYWudl4JAHExPC aoJA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r12-20020a05640251cc00b004676b9092e0si6837699edd.408.2022.11.13.17.48.20; Sun, 13 Nov 2022 17:48:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235652AbiKNBKH (ORCPT + 90 others); Sun, 13 Nov 2022 20:10:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45186 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235541AbiKNBKG (ORCPT ); Sun, 13 Nov 2022 20:10:06 -0500 Received: from mx.socionext.com (mx.socionext.com [202.248.49.38]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id DB8B510067 for ; Sun, 13 Nov 2022 17:10:04 -0800 (PST) Received: from unknown (HELO kinkan2-ex.css.socionext.com) ([172.31.9.52]) by mx.socionext.com with ESMTP; 14 Nov 2022 10:09:48 +0900 Received: from mail.mfilter.local (m-filter-1 [10.213.24.61]) by kinkan2-ex.css.socionext.com (Postfix) with ESMTP id B1D2A2059027; Mon, 14 Nov 2022 10:09:48 +0900 (JST) Received: from 172.31.9.51 (172.31.9.51) by m-FILTER with ESMTP; Mon, 14 Nov 2022 10:09:48 +0900 Received: from [10.212.157.40] (unknown [10.212.157.40]) by kinkan2.css.socionext.com (Postfix) with ESMTP id 071D8B62AE; Mon, 14 Nov 2022 10:09:48 +0900 (JST) Message-ID: <32291d3a-25f8-ff5f-d149-180fbb82278d@socionext.com> Date: Mon, 14 Nov 2022 10:09:47 +0900 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 Subject: Re: [PATCH] reset: uniphier-glue: Fix possible null-ptr-deref To: Hui Tang , p.zabel@pengutronix.de, mhiramat@kernel.org Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, weiyongjun1@huawei.com References: <20221114004958.258513-1-tanghui20@huawei.com> Content-Language: en-US From: Kunihiko Hayashi In-Reply-To: <20221114004958.258513-1-tanghui20@huawei.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022/11/14 9:49, Hui Tang wrote: > It will cause null-ptr-deref when resource_size(res) invoked, > if platform_get_resource() returns NULL. > > Fixes: 499fef09a323 ("reset: uniphier: add USB3 core reset control") > Signed-off-by: Hui Tang > --- > drivers/reset/reset-uniphier-glue.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/drivers/reset/reset-uniphier-glue.c > b/drivers/reset/reset-uniphier-glue.c > index 146fd5d45e99..15abac9fc72c 100644 > --- a/drivers/reset/reset-uniphier-glue.c > +++ b/drivers/reset/reset-uniphier-glue.c > @@ -47,7 +47,6 @@ static int uniphier_glue_reset_probe(struct > platform_device *pdev) > struct device *dev = &pdev->dev; > struct uniphier_glue_reset_priv *priv; > struct resource *res; > - resource_size_t size; > int i, ret; > > priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); > @@ -60,7 +59,6 @@ static int uniphier_glue_reset_probe(struct > platform_device *pdev) > return -EINVAL; > > res = platform_get_resource(pdev, IORESOURCE_MEM, 0); > - size = resource_size(res); > priv->rdata.membase = devm_ioremap_resource(dev, res); > if (IS_ERR(priv->rdata.membase)) > return PTR_ERR(priv->rdata.membase); > @@ -96,7 +94,7 @@ static int uniphier_glue_reset_probe(struct > platform_device *pdev) > > spin_lock_init(&priv->rdata.lock); > priv->rdata.rcdev.owner = THIS_MODULE; > - priv->rdata.rcdev.nr_resets = size * BITS_PER_BYTE; > + priv->rdata.rcdev.nr_resets = resource_size(res) * BITS_PER_BYTE; > priv->rdata.rcdev.ops = &reset_simple_ops; > priv->rdata.rcdev.of_node = dev->of_node; > priv->rdata.active_low = true; Good catch! resource_size() should refer to res after the check. Reviewed-by: Kunihiko Hayashi Thank you, --- Best Regards Kunihiko Hayashi