ASoc: PCM6240: Fix a null pointer dereference in pcmdevice_i2c_probe

Commit Message

Hao Ge June 14, 2024, 2:41 a.m. UTC

From: Hao Ge <gehao@kylinos.cn>

When devm_kzalloc return NULL,we return -ENOMEM directly to
avoid a null pointer that call pcmdevice_remove which will
perform some operations on the members of the pcm_dev;

Fixes: 1324eafd37aa ("ASoc: PCM6240: Create PCM6240 Family driver code")
Signed-off-by: Hao Ge <gehao@kylinos.cn>
---
 sound/soc/codecs/pcm6240.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

Markus Elfring June 14, 2024, 8:20 p.m. UTC | #1

> When devm_kzalloc return NULL,we return -ENOMEM directly to

This information fits to a coding style advice.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?h=v6.10-rc3#n532


> avoid a null pointer that call pcmdevice_remove which will
> perform some operations on the members of the pcm_dev;

You pointed in an improvable way out that the label “out” was questionable
after the assignment of a well-known error code at the beginning.
https://elixir.bootlin.com/linux/v6.10-rc3/source/sound/soc/codecs/pcm6240.c#L2077


Can a wording approach (like the following) be a better change description?

   The value “-ENOMEM” was assigned to the local variable “ret”
   in one if branch after a devm_kzalloc() call failed at the beginning.
   This error code will trigger then a pcmdevice_remove() call
   with a passed null pointer so that an undesirable dereference
   will be performed.
   Thus return the appropriate error code directly.


Can a summary phrase like “Return directly after a failed devm_kzalloc()
in pcmdevice_i2c_probe()” be also helpful?

Regards,
Markus

Markus Elfring June 15, 2024, 6:16 a.m. UTC | #2

…
> +++ b/sound/soc/codecs/pcm6240.c
> @@ -2088,8 +2088,7 @@ static int pcmdevice_i2c_probe(struct i2c_client *i2c)
>
>  	pcm_dev = devm_kzalloc(&i2c->dev, sizeof(*pcm_dev), GFP_KERNEL);
>  	if (!pcm_dev) {
> -		ret = -ENOMEM;
> -		goto out;
> +		return -ENOMEM;
>  	}
…

Would you like to omit curly brackets from a single if branch?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?h=v6.10-rc3#n197

Regards,
Markus

Mark Brown June 17, 2024, 11:58 a.m. UTC | #3

On Fri, Jun 14, 2024 at 10:20:38PM +0200, Markus Elfring wrote:
> > When devm_kzalloc return NULL,we return -ENOMEM directly to
> 
> This information fits to a coding style advice.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?h=v6.10-rc3#n532

Feel free to ignore Markus, he has a long history of sending
unhelpful review comments and continues to ignore repeated requests
to stop.

Patch

diff --git a/sound/soc/codecs/pcm6240.c b/sound/soc/codecs/pcm6240.c
index 86e126783a1d..d3adcea457a2 100644
--- a/sound/soc/codecs/pcm6240.c
+++ b/sound/soc/codecs/pcm6240.c
@@ -2088,8 +2088,7 @@  static int pcmdevice_i2c_probe(struct i2c_client *i2c)
 
 	pcm_dev = devm_kzalloc(&i2c->dev, sizeof(*pcm_dev), GFP_KERNEL);
 	if (!pcm_dev) {
-		ret = -ENOMEM;
-		goto out;
+		return -ENOMEM;
 	}
 
 	pcm_dev->chip_id = (id != NULL) ? id->driver_data : 0;