
[v4,RESEND] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()

Message ID 20240815014511.147065-1-make24@iscas.ac.cn (mailing list archive)
State New

Commit Message

Ma Ke Aug. 15, 2024, 1:45 a.m. UTC
In _emif_get_id(), of_get_address() may return NULL which is later
dereferenced. Fix this bug by adding NULL check. of_translate_address() is
the same.

Found by code review.

Cc: stable@vger.kernel.org
Fixes: 86a18ee21e5e ("EDAC, ti: Add support for TI keystone and DRA7xx EDAC")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
Changes in v4:
- added the check of of_translate_address() as suggested.
Changes in v3:
- added the patch operations omitted in PATCH v2 RESEND compared to PATCH 
v2. Sorry for my oversight.
Changes in v2:
- added Cc stable line.
---
 drivers/edac/ti_edac.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comments

kernel test robot Aug. 16, 2024, 1:39 a.m. UTC | #1
Hi Ma,

kernel test robot noticed the following build warnings:

[auto build test WARNING on ras/edac-for-next]
[also build test WARNING on linus/master v6.11-rc3 next-20240815]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Ma-Ke/EDAC-ti-Fix-possible-null-pointer-dereference-in-_emif_get_id/20240815-094801
base:   https://git.kernel.org/pub/scm/linux/kernel/git/ras/ras.git edac-for-next
patch link:    https://lore.kernel.org/r/20240815014511.147065-1-make24%40iscas.ac.cn
patch subject: [PATCH v4 RESEND] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()
config: arm-randconfig-002-20240816 (https://download.01.org/0day-ci/archive/20240816/202408160935.A6QFliqt-lkp@intel.com/config)
compiler: clang version 20.0.0git (https://github.com/llvm/llvm-project f86594788ce93b696675c94f54016d27a6c21d18)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240816/202408160935.A6QFliqt-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202408160935.A6QFliqt-lkp@intel.com/

All warnings (new ones prefixed by >>):

   In file included from drivers/edac/ti_edac.c:28:
   In file included from drivers/edac/edac_module.h:15:
   In file included from drivers/edac/edac_mc.h:30:
   In file included from include/linux/pci.h:1646:
   In file included from include/linux/dmapool.h:14:
   In file included from include/linux/scatterlist.h:8:
   In file included from include/linux/mm.h:2228:
   include/linux/vmstat.h:514:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion]
     514 |         return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_"
         |                               ~~~~~~~~~~~ ^ ~~~
>> drivers/edac/ti_edac.c:214:14: warning: result of comparison of constant 18446744073709551615 with expression of type 'u32' (aka 'unsigned int') is always false [-Wtautological-constant-out-of-range-compare]
     214 |         if (my_addr == OF_BAD_ADDR)
         |             ~~~~~~~ ^  ~~~~~~~~~~~
   drivers/edac/ti_edac.c:226:12: warning: result of comparison of constant 18446744073709551615 with expression of type 'u32' (aka 'unsigned int') is always false [-Wtautological-constant-out-of-range-compare]
     226 |                 if (addr == OF_BAD_ADDR)
         |                     ~~~~ ^  ~~~~~~~~~~~
   3 warnings generated.


vim +214 drivers/edac/ti_edac.c

   201	
   202	static int _emif_get_id(struct device_node *node)
   203	{
   204		struct device_node *np;
   205		const __be32 *addrp;
   206		u32 addr, my_addr;
   207		int my_id = 0;
   208	
   209		addrp = of_get_address(node, 0, NULL, NULL);
   210		if (!addrp)
   211			return -EINVAL;
   212	
   213		my_addr = (u32)of_translate_address(node, addrp);
 > 214		if (my_addr == OF_BAD_ADDR)
   215			return -EINVAL;
   216	
   217		for_each_matching_node(np, ti_edac_of_match) {
   218			if (np == node)
   219				continue;
   220	
   221			addrp = of_get_address(np, 0, NULL, NULL);
   222			if (!addrp)
   223				return -EINVAL;
   224	
   225			addr = (u32)of_translate_address(np, addrp);
   226			if (addr == OF_BAD_ADDR)
   227				return -EINVAL;
   228	
   229			edac_printk(KERN_INFO, EDAC_MOD_NAME,
   230				    "addr=%x, my_addr=%x\n",
   231				    addr, my_addr);
   232	
   233			if (addr < my_addr)
   234				my_id++;
   235		}
   236	
   237		return my_id;
   238	}
   239

Patch

diff --git a/drivers/edac/ti_edac.c b/drivers/edac/ti_edac.c
index 29723c9592f7..f466f12630d3 100644
--- a/drivers/edac/ti_edac.c
+++ b/drivers/edac/ti_edac.c
@@ -207,14 +207,24 @@  static int _emif_get_id(struct device_node *node)
 	int my_id = 0;
 
 	addrp = of_get_address(node, 0, NULL, NULL);
+	if (!addrp)
+		return -EINVAL;
+
 	my_addr = (u32)of_translate_address(node, addrp);
+	if (my_addr == OF_BAD_ADDR)
+		return -EINVAL;
 
 	for_each_matching_node(np, ti_edac_of_match) {
 		if (np == node)
 			continue;
 
 		addrp = of_get_address(np, 0, NULL, NULL);
+		if (!addrp)
+			return -EINVAL;
+
 		addr = (u32)of_translate_address(np, addrp);
+		if (addr == OF_BAD_ADDR)
+			return -EINVAL;
 
 		edac_printk(KERN_INFO, EDAC_MOD_NAME,
 			    "addr=%x, my_addr=%x\n",