| Message ID | tencent_026E4B04ACDCE341411EF54862F8C6AB1605@qq.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/bridge: imx: fix potential NULL pointer dereference in imx8qxp_ldb_parse_dt_companion() | expand |
Hi Zhang, Thank you for the patch. On Tue, Aug 29, 2023 at 12:55:01AM +0800, Zhang Shurong wrote: > of_match_device() may fail and returns a NULL pointer. How can it return a NULL pointer here ? > Fix this by checking the return value of of_match_device(). > > Fixes: 3818715f62b4 ("drm/bridge: imx: Add LDB support for i.MX8qxp") > Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com> > --- > drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c b/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > index 7984da9c0a35..d272f35c8eac 100644 > --- a/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > +++ b/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > @@ -488,6 +488,8 @@ static int imx8qxp_ldb_parse_dt_companion(struct imx8qxp_ldb *imx8qxp_ldb) > * string. > */ > match = of_match_device(dev->driver->of_match_table, dev); > + if (!match) > + return -ENODEV; > if (!of_device_is_compatible(companion, match->compatible)) { > DRM_DEV_ERROR(dev, "companion LDB is incompatible\n"); > ret = -ENXIO;
在 2023年8月29日星期二 CST 上午1:28:22,Laurent Pinchart 写道: > Hi Zhang, > > Thank you for the patch. > > On Tue, Aug 29, 2023 at 12:55:01AM +0800, Zhang Shurong wrote: > > of_match_device() may fail and returns a NULL pointer. > > How can it return a NULL pointer here ? > > > Fix this by checking the return value of of_match_device(). > > > > Fixes: 3818715f62b4 ("drm/bridge: imx: Add LDB support for i.MX8qxp") > > Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com> > > --- > > > > drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > > b/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c index > > 7984da9c0a35..d272f35c8eac 100644 > > --- a/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > > +++ b/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > > @@ -488,6 +488,8 @@ static int imx8qxp_ldb_parse_dt_companion(struct > > imx8qxp_ldb *imx8qxp_ldb)> > > * string. > > */ > > > > match = of_match_device(dev->driver->of_match_table, dev); > > > > + if (!match) > > + return -ENODEV; > > > > if (!of_device_is_compatible(companion, match->compatible)) { > > > > DRM_DEV_ERROR(dev, "companion LDB is incompatible\n"); > > ret = -ENXIO; I think we can make it happen by designing the platform device in a way that its name aligns with that of the driver. In such a scenario, when the driver is probed, the of_match_device function will return null. You can verify this functionality by reviewing the following function: static int platform_match(struct device *dev, struct device_driver *drv)
On Tue, Aug 29, 2023 at 02:01:25AM +0800, Zhang Shurong wrote: > 在 2023年8月29日星期二 CST 上午1:28:22,Laurent Pinchart 写道: > > Hi Zhang, > > > > Thank you for the patch. > > > > On Tue, Aug 29, 2023 at 12:55:01AM +0800, Zhang Shurong wrote: > > > of_match_device() may fail and returns a NULL pointer. > > > > How can it return a NULL pointer here ? > > > > > Fix this by checking the return value of of_match_device(). > > > > > > Fixes: 3818715f62b4 ("drm/bridge: imx: Add LDB support for i.MX8qxp") > > > Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com> > > > --- > > > > > > drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > > > b/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c index > > > 7984da9c0a35..d272f35c8eac 100644 > > > --- a/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > > > +++ b/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > > > @@ -488,6 +488,8 @@ static int imx8qxp_ldb_parse_dt_companion(struct imx8qxp_ldb *imx8qxp_ldb) > > > * string. > > > */ > > > match = of_match_device(dev->driver->of_match_table, dev); > > > + if (!match) > > > + return -ENODEV; > > > if (!of_device_is_compatible(companion, match->compatible)) { > > > DRM_DEV_ERROR(dev, "companion LDB is incompatible\n"); > > > ret = -ENXIO; > > I think we can make it happen by designing the platform device in a way that > its name aligns with that of the driver. In such a scenario, when the driver > is probed, the of_match_device function will return null. You can verify this > functionality by reviewing the following function: > > static int platform_match(struct device *dev, struct device_driver *drv) This particular device is found in OF-based systems only, and only instantiated through DT. You can create a platform_device manually that may match this driver, but that would be a made-up situation, not something that can happen in practice.
On Tuesday, August 29, 2023 2:38 AM Laurent Pinchart <laurent.pinchart@ideasonboard.com> wrote: > On Tue, Aug 29, 2023 at 02:01:25AM +0800, Zhang Shurong wrote: > > 在 2023年8月29日星期二 CST 上午1:28:22,Laurent Pinchart 写道: > > > Hi Zhang, > > > > > > Thank you for the patch. > > > > > > On Tue, Aug 29, 2023 at 12:55:01AM +0800, Zhang Shurong wrote: > > > > of_match_device() may fail and returns a NULL pointer. > > > > > > How can it return a NULL pointer here ? > > > > > > > Fix this by checking the return value of of_match_device(). > > > > > > > > Fixes: 3818715f62b4 ("drm/bridge: imx: Add LDB support for i.MX8qxp") > > > > Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com> > > > > --- > > > > > > > > drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c | 2 ++ > > > > 1 file changed, 2 insertions(+) > > > > > > > > diff --git a/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > > > > b/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c index > > > > 7984da9c0a35..d272f35c8eac 100644 > > > > --- a/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > > > > +++ b/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c > > > > @@ -488,6 +488,8 @@ static int > imx8qxp_ldb_parse_dt_companion(struct imx8qxp_ldb *imx8qxp_ldb) > > > > * string. > > > > */ > > > > match = of_match_device(dev->driver->of_match_table, dev); > > > > + if (!match) > > > > + return -ENODEV; > > > > if (!of_device_is_compatible(companion, match->compatible)) { > > > > DRM_DEV_ERROR(dev, "companion LDB is incompatible\n"); > > > > ret = -ENXIO; > > > > I think we can make it happen by designing the platform device in a way > that > > its name aligns with that of the driver. In such a scenario, when the driver > > is probed, the of_match_device function will return null. You can verify this > > functionality by reviewing the following function: > > > > static int platform_match(struct device *dev, struct device_driver *drv) > > This particular device is found in OF-based systems only, and only > instantiated through DT. You can create a platform_device manually that > may match this driver, but that would be a made-up situation, not > something that can happen in practice. > I agree with Laurent. Regards, Liu Ying
diff --git a/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c b/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c index 7984da9c0a35..d272f35c8eac 100644 --- a/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c +++ b/drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c @@ -488,6 +488,8 @@ static int imx8qxp_ldb_parse_dt_companion(struct imx8qxp_ldb *imx8qxp_ldb) * string. */ match = of_match_device(dev->driver->of_match_table, dev); + if (!match) + return -ENODEV; if (!of_device_is_compatible(companion, match->compatible)) { DRM_DEV_ERROR(dev, "companion LDB is incompatible\n"); ret = -ENXIO;
of_match_device() may fail and returns a NULL pointer. Fix this by checking the return value of of_match_device(). Fixes: 3818715f62b4 ("drm/bridge: imx: Add LDB support for i.MX8qxp") Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com> --- drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c | 2 ++ 1 file changed, 2 insertions(+)