[v2] iio: vadc: Fix potential dereference of NULL pointer

Message ID	1652939455-123139-1-git-send-email-lyz_cs@pku.edu.cn (mailing list archive)
State	Superseded
Headers	show Return-Path: <linux-iio-owner@kernel.org> From: Yongzhi Liu <lyz_cs@pku.edu.cn> To: agross@kernel.org, bjorn.andersson@linaro.org, jic23@kernel.org, lars@metafoo.de Cc: linux-arm-msm@vger.kernel.org, linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org, fuyq@stu.pku.edu.cn, Yongzhi Liu <lyz_cs@pku.edu.cn> Subject: [PATCH v2] iio: vadc: Fix potential dereference of NULL pointer Date: Wed, 18 May 2022 22:50:55 -0700 Message-Id: <1652939455-123139-1-git-send-email-lyz_cs@pku.edu.cn> In-Reply-To: <YoUtezVzsPB8MAEO@google.com> References: <YoUtezVzsPB8MAEO@google.com> Precedence: bulk
Series	[v2] iio: vadc: Fix potential dereference of NULL pointer \| expand [v2] iio: vadc: Fix potential dereference of NULL pointer

Message ID

1652939455-123139-1-git-send-email-lyz_cs@pku.edu.cn (mailing list archive)

State

Superseded

Headers

From: Yongzhi Liu <lyz_cs@pku.edu.cn>
To: agross@kernel.org, bjorn.andersson@linaro.org, jic23@kernel.org,
        lars@metafoo.de
Cc: linux-arm-msm@vger.kernel.org, linux-iio@vger.kernel.org,
        linux-kernel@vger.kernel.org, fuyq@stu.pku.edu.cn,
        Yongzhi Liu <lyz_cs@pku.edu.cn>
Subject: [PATCH v2] iio: vadc: Fix potential dereference of NULL pointer
Date: Wed, 18 May 2022 22:50:55 -0700
Message-Id: <1652939455-123139-1-git-send-email-lyz_cs@pku.edu.cn>
In-Reply-To: <YoUtezVzsPB8MAEO@google.com>
References: <YoUtezVzsPB8MAEO@google.com>
Precedence: bulk

Series

[v2] iio: vadc: Fix potential dereference of NULL pointer | expand

Commit Message

刘永志 May 19, 2022, 5:50 a.m. UTC

The return value of vadc_get_channel() needs to be checked
to avoid use of NULL pointer. Fix this by adding the null
pointer check on prop.

Fixes: 0917de94c ("iio: vadc: Qualcomm SPMI PMIC voltage ADC driver")

Signed-off-by: Yongzhi Liu <lyz_cs@pku.edu.cn>
---
 drivers/iio/adc/qcom-spmi-vadc.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

Comments

Jonathan Cameron May 20, 2022, 5:13 p.m. UTC | #1

On Wed, 18 May 2022 22:50:55 -0700
Yongzhi Liu <lyz_cs@pku.edu.cn> wrote:

> The return value of vadc_get_channel() needs to be checked
> to avoid use of NULL pointer. Fix this by adding the null
> pointer check on prop.
> 
> Fixes: 0917de94c ("iio: vadc: Qualcomm SPMI PMIC voltage ADC driver")
> 
> Signed-off-by: Yongzhi Liu <lyz_cs@pku.edu.cn>
This function has a lot of goto err; where err just results in
a print.

My suggestion is to just drop that print and use
error specific prints as you have done here, then use direct returns.

> ---
>  drivers/iio/adc/qcom-spmi-vadc.c | 23 ++++++++++++++++++++++-
>  1 file changed, 22 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/iio/adc/qcom-spmi-vadc.c b/drivers/iio/adc/qcom-spmi-vadc.c
> index 34202ba..9fa61fb 100644
> --- a/drivers/iio/adc/qcom-spmi-vadc.c
> +++ b/drivers/iio/adc/qcom-spmi-vadc.c
> @@ -358,14 +358,25 @@ static int vadc_measure_ref_points(struct vadc_priv *vadc)
>  	vadc->graph[VADC_CALIB_ABSOLUTE].dx = VADC_ABSOLUTE_RANGE_UV;
>  
>  	prop = vadc_get_channel(vadc, VADC_REF_1250MV);
> +	if (!prop) {
> +		dev_err(vadc->dev, "Please define 1.25V channel\n");
> +		ret = -ENODEV;
> +		goto err;
> +	}
>  	ret = vadc_do_conversion(vadc, prop, &read_1);
>  	if (ret)
>  		goto err;
>  
>  	/* Try with buffered 625mV channel first */
>  	prop = vadc_get_channel(vadc, VADC_SPARE1);
> -	if (!prop)
> +	if (!prop) {
>  		prop = vadc_get_channel(vadc, VADC_REF_625MV);
> +		if (!prop) {
> +			dev_err(vadc->dev, "Please define 0.625V channel\n");
> +			ret = -ENODEV;
> +			goto err;
> +		}
> +	}
>  
>  	ret = vadc_do_conversion(vadc, prop, &read_2);
>  	if (ret)
> @@ -381,11 +392,21 @@ static int vadc_measure_ref_points(struct vadc_priv *vadc)
>  
>  	/* Ratiometric calibration */
>  	prop = vadc_get_channel(vadc, VADC_VDD_VADC);
> +	if (!prop) {
> +		dev_err(vadc->dev, "Please define VDD channel\n");
> +		ret = -ENODEV;
> +		goto err;
> +	}
>  	ret = vadc_do_conversion(vadc, prop, &read_1);
>  	if (ret)
>  		goto err;
>  
>  	prop = vadc_get_channel(vadc, VADC_GND_REF);
> +	if (!prop) {
> +		dev_err(vadc->dev, "Please define GND channel\n");
> +		ret = -ENODEV;
> +		goto err;
> +	}
>  	ret = vadc_do_conversion(vadc, prop, &read_2);
>  	if (ret)
>  		goto err;

diff --git a/drivers/iio/adc/qcom-spmi-vadc.c b/drivers/iio/adc/qcom-spmi-vadc.c
index 34202ba..9fa61fb 100644
--- a/drivers/iio/adc/qcom-spmi-vadc.c
+++ b/drivers/iio/adc/qcom-spmi-vadc.c
@@ -358,14 +358,25 @@  static int vadc_measure_ref_points(struct vadc_priv *vadc)
 	vadc->graph[VADC_CALIB_ABSOLUTE].dx = VADC_ABSOLUTE_RANGE_UV;
 
 	prop = vadc_get_channel(vadc, VADC_REF_1250MV);
+	if (!prop) {
+		dev_err(vadc->dev, "Please define 1.25V channel\n");
+		ret = -ENODEV;
+		goto err;
+	}
 	ret = vadc_do_conversion(vadc, prop, &read_1);
 	if (ret)
 		goto err;
 
 	/* Try with buffered 625mV channel first */
 	prop = vadc_get_channel(vadc, VADC_SPARE1);
-	if (!prop)
+	if (!prop) {
 		prop = vadc_get_channel(vadc, VADC_REF_625MV);
+		if (!prop) {
+			dev_err(vadc->dev, "Please define 0.625V channel\n");
+			ret = -ENODEV;
+			goto err;
+		}
+	}
 
 	ret = vadc_do_conversion(vadc, prop, &read_2);
 	if (ret)
@@ -381,11 +392,21 @@  static int vadc_measure_ref_points(struct vadc_priv *vadc)
 
 	/* Ratiometric calibration */
 	prop = vadc_get_channel(vadc, VADC_VDD_VADC);
+	if (!prop) {
+		dev_err(vadc->dev, "Please define VDD channel\n");
+		ret = -ENODEV;
+		goto err;
+	}
 	ret = vadc_do_conversion(vadc, prop, &read_1);
 	if (ret)
 		goto err;
 
 	prop = vadc_get_channel(vadc, VADC_GND_REF);
+	if (!prop) {
+		dev_err(vadc->dev, "Please define GND channel\n");
+		ret = -ENODEV;
+		goto err;
+	}
 	ret = vadc_do_conversion(vadc, prop, &read_2);
 	if (ret)
 		goto err;

[v2] iio: vadc: Fix potential dereference of NULL pointer

Commit Message

Comments

Patch