| Message ID | 8d6e3656-1662-dc71-8876-c7f0f11a11b1@virtuozzo.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | tpm_tis: extra chip->ops check on error path in tpm_tis_core_init | expand |
On Sat, Jun 13, 2020 at 05:18:33PM +0300, Vasily Averin wrote: > Found by smatch: > drivers/char/tpm/tpm_tis_core.c:1088 tpm_tis_core_init() warn: > variable dereferenced before check 'chip->ops' (see line 979) > > 'chip->ops' is assigned in the beginning of function > in tpmm_chip_alloc->tpm_chip_alloc > and is used before first possible goto to error path. > > Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> /Jarkko
On Sat Jun 13 20, Vasily Averin wrote: >Found by smatch: >drivers/char/tpm/tpm_tis_core.c:1088 tpm_tis_core_init() warn: > variable dereferenced before check 'chip->ops' (see line 979) > >'chip->ops' is assigned in the beginning of function >in tpmm_chip_alloc->tpm_chip_alloc >and is used before first possible goto to error path. > >Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> >--- > drivers/char/tpm/tpm_tis_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c >index 2435216..65ab1b0 100644 >--- a/drivers/char/tpm/tpm_tis_core.c >+++ b/drivers/char/tpm/tpm_tis_core.c >@@ -1085,7 +1085,7 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, > > return 0; > out_err: >- if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL)) >+ if (chip->ops->clk_enable != NULL) > chip->ops->clk_enable(chip, false); > > tpm_tis_remove(chip); >-- >1.8.3.1 >
On Tue, Jun 16, 2020 at 07:26:32PM -0700, Jerry Snitselaar wrote: > On Sat Jun 13 20, Vasily Averin wrote: > > Found by smatch: > > drivers/char/tpm/tpm_tis_core.c:1088 tpm_tis_core_init() warn: > > variable dereferenced before check 'chip->ops' (see line 979) > > > > 'chip->ops' is assigned in the beginning of function > > in tpmm_chip_alloc->tpm_chip_alloc > > and is used before first possible goto to error path. > > > > Signed-off-by: Vasily Averin <vvs@virtuozzo.com> > > Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Thanks, I added this to the commit. /Jarkko
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 2435216..65ab1b0 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -1085,7 +1085,7 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, return 0; out_err: - if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL)) + if (chip->ops->clk_enable != NULL) chip->ops->clk_enable(chip, false); tpm_tis_remove(chip);
Found by smatch: drivers/char/tpm/tpm_tis_core.c:1088 tpm_tis_core_init() warn: variable dereferenced before check 'chip->ops' (see line 979) 'chip->ops' is assigned in the beginning of function in tpmm_chip_alloc->tpm_chip_alloc and is used before first possible goto to error path. Signed-off-by: Vasily Averin <vvs@virtuozzo.com> --- drivers/char/tpm/tpm_tis_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)