diff mbox series

spi: pxa2xx: Add missed security checks

Message ID 20191017025058.31528-1-hslester96@gmail.com (mailing list archive)
State Superseded
Headers show
Series spi: pxa2xx: Add missed security checks | expand

Commit Message

Chuhong Yuan Oct. 17, 2019, 2:50 a.m. UTC 
pxa2xx_spi_init_pdata misses checks for devm_clk_get and
platform_get_irq.
Add checks for them to fix the bugs.

Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
---
 drivers/spi/spi-pxa2xx.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Andy Shevchenko Oct. 18, 2019, 9:34 a.m. UTC | #1 
On Fri, Oct 18, 2019 at 8:59 AM Chuhong Yuan <hslester96@gmail.com> wrote:
>
> pxa2xx_spi_init_pdata misses checks for devm_clk_get and
> platform_get_irq.
> Add checks for them to fix the bugs.
>
> Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
> ---
>  drivers/spi/spi-pxa2xx.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
> index bb6a14d1ab0f..2e73d75a6ac5 100644
> --- a/drivers/spi/spi-pxa2xx.c
> +++ b/drivers/spi/spi-pxa2xx.c
> @@ -1565,7 +1565,13 @@ pxa2xx_spi_init_pdata(struct platform_device *pdev)
>  #endif
>
>         ssp->clk = devm_clk_get(&pdev->dev, NULL);
> +       if (IS_ERR(ssp->clk))
> +               return NULL;
> +
>         ssp->irq = platform_get_irq(pdev, 0);
> +       if (ssp->irq < 0)
> +               return NULL;

I'm not sure they are mandatory for all platforms.
To be on the safe side, you simple need to add _optional() to the both
call along with above change.
Chuhong Yuan Oct. 18, 2019, 10:39 a.m. UTC | #2 
On Fri, Oct 18, 2019 at 5:35 PM Andy Shevchenko
<andy.shevchenko@gmail.com> wrote:
>
> On Fri, Oct 18, 2019 at 8:59 AM Chuhong Yuan <hslester96@gmail.com> wrote:
> >
> > pxa2xx_spi_init_pdata misses checks for devm_clk_get and
> > platform_get_irq.
> > Add checks for them to fix the bugs.
> >
> > Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
> > ---
> >  drivers/spi/spi-pxa2xx.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> >
> > diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
> > index bb6a14d1ab0f..2e73d75a6ac5 100644
> > --- a/drivers/spi/spi-pxa2xx.c
> > +++ b/drivers/spi/spi-pxa2xx.c
> > @@ -1565,7 +1565,13 @@ pxa2xx_spi_init_pdata(struct platform_device *pdev)
> >  #endif
> >
> >         ssp->clk = devm_clk_get(&pdev->dev, NULL);
> > +       if (IS_ERR(ssp->clk))
> > +               return NULL;
> > +
> >         ssp->irq = platform_get_irq(pdev, 0);
> > +       if (ssp->irq < 0)
> > +               return NULL;
>
> I'm not sure they are mandatory for all platforms.
> To be on the safe side, you simple need to add _optional() to the both
> call along with above change.
>

As I know, this is the only one in spi which does not have a check for
devm_clk_get.
Even if add _optional(), they still may return errors and need security checks.

> --
> With Best Regards,
> Andy Shevchenko
Andy Shevchenko Oct. 18, 2019, 11:14 a.m. UTC | #3 
On Fri, Oct 18, 2019 at 1:39 PM Chuhong Yuan <hslester96@gmail.com> wrote:
>
> On Fri, Oct 18, 2019 at 5:35 PM Andy Shevchenko
> <andy.shevchenko@gmail.com> wrote:
> >
> > On Fri, Oct 18, 2019 at 8:59 AM Chuhong Yuan <hslester96@gmail.com> wrote:
> > >
> > > pxa2xx_spi_init_pdata misses checks for devm_clk_get and
> > > platform_get_irq.
> > > Add checks for them to fix the bugs.
> > >
> > > Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
> > > ---
> > >  drivers/spi/spi-pxa2xx.c | 6 ++++++
> > >  1 file changed, 6 insertions(+)
> > >
> > > diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
> > > index bb6a14d1ab0f..2e73d75a6ac5 100644
> > > --- a/drivers/spi/spi-pxa2xx.c
> > > +++ b/drivers/spi/spi-pxa2xx.c
> > > @@ -1565,7 +1565,13 @@ pxa2xx_spi_init_pdata(struct platform_device *pdev)
> > >  #endif
> > >
> > >         ssp->clk = devm_clk_get(&pdev->dev, NULL);
> > > +       if (IS_ERR(ssp->clk))
> > > +               return NULL;
> > > +
> > >         ssp->irq = platform_get_irq(pdev, 0);
> > > +       if (ssp->irq < 0)
> > > +               return NULL;
> >
> > I'm not sure they are mandatory for all platforms.
> > To be on the safe side, you simple need to add _optional() to the both
> > call along with above change.
> >
>
> As I know, this is the only one in spi which does not have a check for
> devm_clk_get.

For some it still may be optional. That's why better to check it and
mention in the commit message.

> Even if add _optional(), they still may return errors and need security checks.

Of course, see "along with" in my previous comment.
Chuhong Yuan Oct. 18, 2019, 11:37 a.m. UTC | #4 
On Fri, Oct 18, 2019 at 7:14 PM Andy Shevchenko
<andy.shevchenko@gmail.com> wrote:
>
> On Fri, Oct 18, 2019 at 1:39 PM Chuhong Yuan <hslester96@gmail.com> wrote:
> >
> > On Fri, Oct 18, 2019 at 5:35 PM Andy Shevchenko
> > <andy.shevchenko@gmail.com> wrote:
> > >
> > > On Fri, Oct 18, 2019 at 8:59 AM Chuhong Yuan <hslester96@gmail.com> wrote:
> > > >
> > > > pxa2xx_spi_init_pdata misses checks for devm_clk_get and
> > > > platform_get_irq.
> > > > Add checks for them to fix the bugs.
> > > >
> > > > Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
> > > > ---
> > > >  drivers/spi/spi-pxa2xx.c | 6 ++++++
> > > >  1 file changed, 6 insertions(+)
> > > >
> > > > diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
> > > > index bb6a14d1ab0f..2e73d75a6ac5 100644
> > > > --- a/drivers/spi/spi-pxa2xx.c
> > > > +++ b/drivers/spi/spi-pxa2xx.c
> > > > @@ -1565,7 +1565,13 @@ pxa2xx_spi_init_pdata(struct platform_device *pdev)
> > > >  #endif
> > > >
> > > >         ssp->clk = devm_clk_get(&pdev->dev, NULL);
> > > > +       if (IS_ERR(ssp->clk))
> > > > +               return NULL;
> > > > +
> > > >         ssp->irq = platform_get_irq(pdev, 0);
> > > > +       if (ssp->irq < 0)
> > > > +               return NULL;
> > >
> > > I'm not sure they are mandatory for all platforms.
> > > To be on the safe side, you simple need to add _optional() to the both
> > > call along with above change.
> > >
> >
> > As I know, this is the only one in spi which does not have a check for
> > devm_clk_get.
>
> For some it still may be optional. That's why better to check it and
> mention in the commit message.
>
> > Even if add _optional(), they still may return errors and need security checks.
>
> Of course, see "along with" in my previous comment.
>

Got it. I will send version 2 in which both _optional() and security
checks will be added.

> --
> With Best Regards,
> Andy Shevchenko
Andy Shevchenko Oct. 18, 2019, 2:04 p.m. UTC | #5 
On Fri, Oct 18, 2019 at 2:37 PM Chuhong Yuan <hslester96@gmail.com> wrote:
> On Fri, Oct 18, 2019 at 7:14 PM Andy Shevchenko
> <andy.shevchenko@gmail.com> wrote:
> > On Fri, Oct 18, 2019 at 1:39 PM Chuhong Yuan <hslester96@gmail.com> wrote:
> > > On Fri, Oct 18, 2019 at 5:35 PM Andy Shevchenko
> > > <andy.shevchenko@gmail.com> wrote:
> > > > On Fri, Oct 18, 2019 at 8:59 AM Chuhong Yuan <hslester96@gmail.com> wrote:

> > > > I'm not sure they are mandatory for all platforms.
> > > > To be on the safe side, you simple need to add _optional() to the both
> > > > call along with above change.
> > > >
> > >
> > > As I know, this is the only one in spi which does not have a check for
> > > devm_clk_get.
> >
> > For some it still may be optional. That's why better to check it and
> > mention in the commit message.
> >
> > > Even if add _optional(), they still may return errors and need security checks.
> >
> > Of course, see "along with" in my previous comment.
> >
>
> Got it. I will send version 2 in which both _optional() and security
> checks will be added.

Let me be clear. I didn't check if _optional() needed or not. You need
to investigate this before sending new verison.
And in either case this should be explained in commit message.
Chuhong Yuan Oct. 28, 2019, 1:38 a.m. UTC | #6 
On Fri, Oct 18, 2019 at 10:04 PM Andy Shevchenko
<andy.shevchenko@gmail.com> wrote:
>
> On Fri, Oct 18, 2019 at 2:37 PM Chuhong Yuan <hslester96@gmail.com> wrote:
> > On Fri, Oct 18, 2019 at 7:14 PM Andy Shevchenko
> > <andy.shevchenko@gmail.com> wrote:
> > > On Fri, Oct 18, 2019 at 1:39 PM Chuhong Yuan <hslester96@gmail.com> wrote:
> > > > On Fri, Oct 18, 2019 at 5:35 PM Andy Shevchenko
> > > > <andy.shevchenko@gmail.com> wrote:
> > > > > On Fri, Oct 18, 2019 at 8:59 AM Chuhong Yuan <hslester96@gmail.com> wrote:
>
> > > > > I'm not sure they are mandatory for all platforms.
> > > > > To be on the safe side, you simple need to add _optional() to the both
> > > > > call along with above change.
> > > > >
> > > >
> > > > As I know, this is the only one in spi which does not have a check for
> > > > devm_clk_get.
> > >
> > > For some it still may be optional. That's why better to check it and
> > > mention in the commit message.
> > >
> > > > Even if add _optional(), they still may return errors and need security checks.
> > >
> > > Of course, see "along with" in my previous comment.
> > >
> >
> > Got it. I will send version 2 in which both _optional() and security
> > checks will be added.
>
> Let me be clear. I didn't check if _optional() needed or not. You need
> to investigate this before sending new verison.
> And in either case this should be explained in commit message.
>

I have checked this file again and found ssp->clk is used by clk_get_rate in
pxa2xx_spi_probe.
Therefore, it should not be NULL and _optional cannot be used here.
Besides, ssp->irq is also used in pxa2xx_spi_probe.
Hence, I think this patch is fine.

Regards,
Chuhong

> --
> With Best Regards,
> Andy Shevchenko
diff mbox series

Patch

diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
index bb6a14d1ab0f..2e73d75a6ac5 100644
--- a/drivers/spi/spi-pxa2xx.c
+++ b/drivers/spi/spi-pxa2xx.c
@@ -1565,7 +1565,13 @@  pxa2xx_spi_init_pdata(struct platform_device *pdev)
 #endif
 
 	ssp->clk = devm_clk_get(&pdev->dev, NULL);
+	if (IS_ERR(ssp->clk))
+		return NULL;
+
 	ssp->irq = platform_get_irq(pdev, 0);
+	if (ssp->irq < 0)
+		return NULL;
+
 	ssp->type = type;
 	ssp->pdev = pdev;
 	ssp->port_id = pxa2xx_spi_get_port_id(adev);