
soc: mediatek: Handle return of of_match_device function

Message ID 1517482822-28758-1-git-send-email-himanshujha199640@gmail.com (mailing list archive)
State New, archived

Commit Message

Himanshu Jha Feb. 1, 2018, 11 a.m. UTC
In scpsys_probe function, return value of of_match_device function which
returns null is dereferenced without checking. Therefore, add a check for
potential null dereference.

Detected by CoverityScan, CID#1424087 "Dereference null return value"

Fixes: commit 53fddb1a66dd ("soc: mediatek: reduce code duplication of scpsys_probe across all SoCs")
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
---
 drivers/soc/mediatek/mtk-scpsys.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Geert Uytterhoeven Feb. 1, 2018, 11:04 a.m. UTC | #1
Hi Himanshu,

On Thu, Feb 1, 2018 at 12:00 PM, Himanshu Jha
<himanshujha199640@gmail.com> wrote:
> In scpsys_probe function, return value of of_match_device function which
> returns null is dereferenced without checking. Therefore, add a check for
> potential null dereference.
>
> Detected by CoverityScan, CID#1424087 "Dereference null return value"
>
> Fixes: commit 53fddb1a66dd ("soc: mediatek: reduce code duplication of scpsys_probe across all SoCs")
> Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>

This is a false positive: as this is a pure-OF driver, scpsys_probe() is
called if and only if a match was found in of_scpsys_match_tbl[].

> ---
>  drivers/soc/mediatek/mtk-scpsys.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/drivers/soc/mediatek/mtk-scpsys.c b/drivers/soc/mediatek/mtk-scpsys.c
> index 435ce5e..6e7f196 100644
> --- a/drivers/soc/mediatek/mtk-scpsys.c
> +++ b/drivers/soc/mediatek/mtk-scpsys.c
> @@ -981,6 +981,9 @@ static int scpsys_probe(struct platform_device *pdev)
>         int i, ret;
>
>         match = of_match_device(of_scpsys_match_tbl, &pdev->dev);
> +       if (!match)
> +               return -EINVAL;
> +
>         soc = (const struct scp_soc_data *)match->data;
>
>         scp = init_scp(pdev, soc->domains, soc->num_domains, &soc->regs,

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
Alexandre Belloni Feb. 1, 2018, 11:59 a.m. UTC | #2
On 01/02/2018 at 16:30:22 +0530, Himanshu Jha wrote:
> In scpsys_probe function, return value of of_match_device function which
> returns null is dereferenced without checking. Therefore, add a check for
> potential null dereference.
> 
> Detected by CoverityScan, CID#1424087 "Dereference null return value"
> 

No, this will never happen as the only way to probe this device is to
use device tree.

> Fixes: commit 53fddb1a66dd ("soc: mediatek: reduce code duplication of scpsys_probe across all SoCs")
> Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
> ---
>  drivers/soc/mediatek/mtk-scpsys.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/soc/mediatek/mtk-scpsys.c b/drivers/soc/mediatek/mtk-scpsys.c
> index 435ce5e..6e7f196 100644
> --- a/drivers/soc/mediatek/mtk-scpsys.c
> +++ b/drivers/soc/mediatek/mtk-scpsys.c
> @@ -981,6 +981,9 @@ static int scpsys_probe(struct platform_device *pdev)
>  	int i, ret;
>  
>  	match = of_match_device(of_scpsys_match_tbl, &pdev->dev);
> +	if (!match)
> +		return -EINVAL;
> +
>  	soc = (const struct scp_soc_data *)match->data;
>  
>  	scp = init_scp(pdev, soc->domains, soc->num_domains, &soc->regs,
> -- 
> 2.7.4
> 
> 
Robin Murphy Feb. 1, 2018, 3:02 p.m. UTC | #3
On 01/02/18 11:00, Himanshu Jha wrote:
> In scpsys_probe function, return value of of_match_device function which
> returns null is dereferenced without checking. Therefore, add a check for
> potential null dereference.
> 
> Detected by CoverityScan, CID#1424087 "Dereference null return value"
> 
> Fixes: commit 53fddb1a66dd ("soc: mediatek: reduce code duplication of scpsys_probe across all SoCs")
> Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
> ---
>   drivers/soc/mediatek/mtk-scpsys.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/soc/mediatek/mtk-scpsys.c b/drivers/soc/mediatek/mtk-scpsys.c
> index 435ce5e..6e7f196 100644
> --- a/drivers/soc/mediatek/mtk-scpsys.c
> +++ b/drivers/soc/mediatek/mtk-scpsys.c
> @@ -981,6 +981,9 @@ static int scpsys_probe(struct platform_device *pdev)
>   	int i, ret;
>   
>   	match = of_match_device(of_scpsys_match_tbl, &pdev->dev);
> +	if (!match)
> +		return -EINVAL;
> +
>   	soc = (const struct scp_soc_data *)match->data;

You could of course replace the whole sequence with an 
of_device_get_match_data() call, which happens to be inherently safe 
against the no-match case even when that *is* impossible by design.

Robin.

>   
>   	scp = init_scp(pdev, soc->domains, soc->num_domains, &soc->regs,
>
Geert Uytterhoeven Feb. 1, 2018, 3:09 p.m. UTC | #4
On Thu, Feb 1, 2018 at 4:02 PM, Robin Murphy <robin.murphy@arm.com> wrote:
> On 01/02/18 11:00, Himanshu Jha wrote:
>> In scpsys_probe function, return value of of_match_device function which
>> returns null is dereferenced without checking. Therefore, add a check for
>> potential null dereference.
>>
>> Detected by CoverityScan, CID#1424087 "Dereference null return value"
>>
>> Fixes: commit 53fddb1a66dd ("soc: mediatek: reduce code duplication of
>> scpsys_probe across all SoCs")
>> Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
>> ---
>>   drivers/soc/mediatek/mtk-scpsys.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/soc/mediatek/mtk-scpsys.c
>> b/drivers/soc/mediatek/mtk-scpsys.c
>> index 435ce5e..6e7f196 100644
>> --- a/drivers/soc/mediatek/mtk-scpsys.c
>> +++ b/drivers/soc/mediatek/mtk-scpsys.c
>> @@ -981,6 +981,9 @@ static int scpsys_probe(struct platform_device *pdev)
>>         int i, ret;
>>         match = of_match_device(of_scpsys_match_tbl, &pdev->dev);
>> +       if (!match)
>> +               return -EINVAL;
>> +
>>         soc = (const struct scp_soc_data *)match->data;
>
> You could of course replace the whole sequence with an
> of_device_get_match_data() call, which happens to be inherently safe against
> the no-match case even when that *is* impossible by design.

+1

>>         scp = init_scp(pdev, soc->domains, soc->num_domains, &soc->regs,

... followed by the static analyser gang complaining we may dereference
NULL pointer soc...

Gr{oetje,eeting}s,

                        Geert

Robin Murphy Feb. 1, 2018, 3:16 p.m. UTC | #5
On 01/02/18 15:09, Geert Uytterhoeven wrote:
> On Thu, Feb 1, 2018 at 4:02 PM, Robin Murphy <robin.murphy@arm.com> wrote:
>> On 01/02/18 11:00, Himanshu Jha wrote:
>>> In scpsys_probe function, return value of of_match_device function which
>>> returns null is dereferenced without checking. Therefore, add a check for
>>> potential null dereference.
>>>
>>> Detected by CoverityScan, CID#1424087 "Dereference null return value"
>>>
>>> Fixes: commit 53fddb1a66dd ("soc: mediatek: reduce code duplication of
>>> scpsys_probe across all SoCs")
>>> Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
>>> ---
>>>    drivers/soc/mediatek/mtk-scpsys.c | 3 +++
>>>    1 file changed, 3 insertions(+)
>>>
>>> diff --git a/drivers/soc/mediatek/mtk-scpsys.c
>>> b/drivers/soc/mediatek/mtk-scpsys.c
>>> index 435ce5e..6e7f196 100644
>>> --- a/drivers/soc/mediatek/mtk-scpsys.c
>>> +++ b/drivers/soc/mediatek/mtk-scpsys.c
>>> @@ -981,6 +981,9 @@ static int scpsys_probe(struct platform_device *pdev)
>>>          int i, ret;
>>>          match = of_match_device(of_scpsys_match_tbl, &pdev->dev);
>>> +       if (!match)
>>> +               return -EINVAL;
>>> +
>>>          soc = (const struct scp_soc_data *)match->data;
>>
>> You could of course replace the whole sequence with an
>> of_device_get_match_data() call, which happens to be inherently safe against
>> the no-match case even when that *is* impossible by design.
> 
> +1
> 
>>>          scp = init_scp(pdev, soc->domains, soc->num_domains, &soc->regs,
> 
> ... followed by the static analyser gang complaining we may dereference
> NULL pointer soc...

Well, if the static analysers can't track the provenance of 
dev->driver->of_match_table, let's keep ignoring them until they get 
cleverer :P

Robin.


Patch

diff --git a/drivers/soc/mediatek/mtk-scpsys.c b/drivers/soc/mediatek/mtk-scpsys.c
index 435ce5e..6e7f196 100644
--- a/drivers/soc/mediatek/mtk-scpsys.c
+++ b/drivers/soc/mediatek/mtk-scpsys.c
@@ -981,6 +981,9 @@  static int scpsys_probe(struct platform_device *pdev)
 	int i, ret;
 
 	match = of_match_device(of_scpsys_match_tbl, &pdev->dev);
+	if (!match)
+		return -EINVAL;
+
 	soc = (const struct scp_soc_data *)match->data;
 
 	scp = init_scp(pdev, soc->domains, soc->num_domains, &soc->regs,
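Review bot: the added `if (!match)` guard in scpsys_probe() covers only `match`, while the next line still casts `match->data` into `soc` and the init_scp() call dereferences `soc->domains`, `soc->num_domains` and `soc->regs` with no check, so a table entry without `.data` would still fault there. Assigning `soc = of_device_get_match_data(&pdev->dev);` in place of the of_match_device() call and the cast, followed by a single `if (!soc)` test, would cover both the no-match and the no-data case in one place. If the check is kept as posted, the changelog should say that the branch is defensive only, since the replies point out that a pure-OF driver is probed only after a match in of_scpsys_match_tbl[].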