Message ID | 1576552672-22737-1-git-send-email-zhangpan26@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Series | mmc: host: fix a possible null pointer access. |
On Tue, 17 Dec 2019 at 04:18, Pan Zhang <zhangpan26@huawei.com> wrote:
>
> 3419 if (host->slot &&
> 3420 (mmc_can_gpio_cd(host->slot->mmc) ||
> 3421 !mmc_card_is_removable(host->slot->mmc))) {
> 3422 ret = clk_prepare_enable(host->biu_clk);
> 3423 if (ret)
> 3424 return ret;
> 3425 }
>
> We previously assumed 'host->slot' could be null (see line 3419).
>
> The following situation is similar, so add a judgement.
>
> Signed-off-by: Pan Zhang <zhangpan26@huawei.com>
> ---
> drivers/mmc/host/dw_mmc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c > index fc9d4d0..8e27c52 100644 > --- a/drivers/mmc/host/dw_mmc.c > +++ b/drivers/mmc/host/dw_mmc.c > @@ -3454,7 +3454,7 @@ int dw_mci_runtime_resume(struct device *dev) > mci_writel(host, CTRL, SDMMC_CTRL_INT_ENABLE); > > > - if (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER) > + if (host->slot && (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)) > dw_mci_set_ios(host->slot->mmc, &host->slot->mmc->ios);

This shouldn't be a problem as the ->runtime_resume() callback can't be invoked, unless there is a slot.

> > /* Force setup bus to guarantee available clock output */ > -- > 2.7.4 >

Kind regards
Uffe
On Wed, 18 Dec 2019 at 7:52 p.m., Ulf Hansson <ulf.hansson@linaro.org> wrote:
>>
>> 3419 if (host->slot &&
>> 3420 (mmc_can_gpio_cd(host->slot->mmc) ||
>> 3421 !mmc_card_is_removable(host->slot->mmc))) {
>> 3422 ret = clk_prepare_enable(host->biu_clk);
>> 3423 if (ret)
>> 3424 return ret;
>> 3425 }
>>
>> We previously assumed 'host->slot' could be null (see line 3419).
>>
>> The following situation is similar, so add a judgement.
>>
>> Signed-off-by: Pan Zhang <zhangpan26@huawei.com>
>> ---
>> drivers/mmc/host/dw_mmc.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c >> index fc9d4d0..8e27c52 100644 >> --- a/drivers/mmc/host/dw_mmc.c >> +++ b/drivers/mmc/host/dw_mmc.c >> @@ -3454,7 +3454,7 @@ int dw_mci_runtime_resume(struct device *dev) >> mci_writel(host, CTRL, SDMMC_CTRL_INT_ENABLE); >> >> >> - if (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER) >> + if (host->slot && (host->slot->mmc->pm_flags & >> + MMC_PM_KEEP_POWER)) >> dw_mci_set_ios(host->slot->mmc, >> &host->slot->mmc->ios);
>This shouldn't be a problem as the ->runtime_resume() callback can't be invoked, unless there is a slot.
>> >> /* Force setup bus to guarantee available clock output */ >> -- >> 2.7.4 >>

If so, there is no need to assume host->slot pointer previously (line 3419)?
On Thu, 19 Dec 2019 at 07:28, Pan Zhang <zhangpan26@huawei.com> wrote:
>
> On Wed, 18 Dec 2019 at 7:52 p.m., Ulf Hansson <ulf.hansson@linaro.org> wrote:
> >>
> >> 3419 if (host->slot &&
> >> 3420 (mmc_can_gpio_cd(host->slot->mmc) ||
> >> 3421 !mmc_card_is_removable(host->slot->mmc))) {
> >> 3422 ret = clk_prepare_enable(host->biu_clk);
> >> 3423 if (ret)
> >> 3424 return ret;
> >> 3425 }
> >>
> >> We previously assumed 'host->slot' could be null (see line 3419).
> >>
> >> The following situation is similar, so add a judgement.
> >>
> >> Signed-off-by: Pan Zhang <zhangpan26@huawei.com>
> >> ---
> >> drivers/mmc/host/dw_mmc.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c > >> index fc9d4d0..8e27c52 100644 > >> --- a/drivers/mmc/host/dw_mmc.c > >> +++ b/drivers/mmc/host/dw_mmc.c > >> @@ -3454,7 +3454,7 @@ int dw_mci_runtime_resume(struct device *dev) > >> mci_writel(host, CTRL, SDMMC_CTRL_INT_ENABLE); > >> > >> > >> - if (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER) > >> + if (host->slot && (host->slot->mmc->pm_flags & > >> + MMC_PM_KEEP_POWER)) > >> dw_mci_set_ios(host->slot->mmc, > >> &host->slot->mmc->ios);
>
> >This shouldn't be a problem as the ->runtime_resume() callback can't be invoked, unless there is a slot.
> >> > >> /* Force setup bus to guarantee available clock output */ > >> -- > >> 2.7.4 > >>
>
> If so, there is no need to assume host->slot pointer previously (line 3419)?
>

Yeah, there are probably more cases that have unnecessary "protection".

Kind regards
Uffe
diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c index fc9d4d0..8e27c52 100644 --- a/drivers/mmc/host/dw_mmc.c +++ b/drivers/mmc/host/dw_mmc.c @@ -3454,7 +3454,7 @@ int dw_mci_runtime_resume(struct device *dev) mci_writel(host, CTRL, SDMMC_CTRL_INT_ENABLE); - if (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER) + if (host->slot && (host->slot->mmc->pm_flags & MMC_PM_KEEP_POWER)) dw_mci_set_ios(host->slot->mmc, &host->slot->mmc->ios); /* Force setup bus to guarantee available clock output */
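Review bot: The added "host->slot &&" test in dw_mci_runtime_resume() needs a justification that the pointer can actually be NULL on this path. The commit message only points at the similar test on line 3419, which shows that another site checks the pointer, not that resume can run without a slot. Please describe the sequence in which runtime resume is reached with host->slot unset, or, if there is none, drop the test here and remove the one at line 3419 so the code states a single invariant. If the NULL case is real, note that the guard covers only this condition and the dw_mci_set_ios() call under it; any use of host->slot after the "Force setup bus" comment would need the same treatment.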
3419 if (host->slot &&
3420     (mmc_can_gpio_cd(host->slot->mmc) ||
3421      !mmc_card_is_removable(host->slot->mmc))) {
3422         ret = clk_prepare_enable(host->biu_clk);
3423         if (ret)
3424                 return ret;
3425 }

We previously assumed 'host->slot' could be null (see line 3419).

The following situation is similar, so add a judgement.

Signed-off-by: Pan Zhang <zhangpan26@huawei.com>
---
drivers/mmc/host/dw_mmc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)