| Message ID | 20221117090514.118296-1-tanghui20@huawei.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net,v2] net: mdio-ipq4019: fix possible invalid pointer dereference | expand |
On Thu, Nov 17, 2022 at 05:05:14PM +0800, Hui Tang wrote: > priv->eth_ldo_rdy is saved the return value of devm_ioremap_resource(), > which !IS_ERR() should be used to check. > > Fixes: 23a890d493e3 ("net: mdio: Add the reset function for IPQ MDIO driver") > Signed-off-by: Hui Tang <tanghui20@huawei.com> > --- > v1 -> v2: set priv->eth_ldo_rdy NULL, if devm_ioremap_resource() failed > --- > drivers/net/mdio/mdio-ipq4019.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/mdio/mdio-ipq4019.c b/drivers/net/mdio/mdio-ipq4019.c > index 4eba5a91075c..dfd1647eac36 100644 > --- a/drivers/net/mdio/mdio-ipq4019.c > +++ b/drivers/net/mdio/mdio-ipq4019.c > @@ -231,8 +231,11 @@ static int ipq4019_mdio_probe(struct platform_device *pdev) > /* The platform resource is provided on the chipset IPQ5018 */ > /* This resource is optional */ > res = platform_get_resource(pdev, IORESOURCE_MEM, 1); > - if (res) > + if (res) { > priv->eth_ldo_rdy = devm_ioremap_resource(&pdev->dev, res); > + if (IS_ERR(priv->eth_ldo_rdy)) > + priv->eth_ldo_rdy = NULL; > + } As i said, please add devm_ioremap_resource_optional(). Follow the concept of devm_clk_get_optional(), devm_gpiod_get_optional(), devm_reset_control_get_optional(), devm_reset_control_get_optional(), platform_get_irq_byname_optional() etc. All these will not return an error if the resource you are trying to get does not exist. They instead return NULL, or something which other API members understand as does not exist, but thats O.K. These functions however do return errors for real problem, ENOMEM, EINVAL etc. These should not be ignored. You should then use this new function for all your other patches where the resource is optional. Andrew
On 2022/11/17 21:57, Andrew Lunn wrote: > On Thu, Nov 17, 2022 at 05:05:14PM +0800, Hui Tang wrote: >> priv->eth_ldo_rdy is saved the return value of devm_ioremap_resource(), >> which !IS_ERR() should be used to check. >> >> Fixes: 23a890d493e3 ("net: mdio: Add the reset function for IPQ MDIO driver") >> Signed-off-by: Hui Tang <tanghui20@huawei.com> >> --- >> v1 -> v2: set priv->eth_ldo_rdy NULL, if devm_ioremap_resource() failed >> --- >> drivers/net/mdio/mdio-ipq4019.c | 5 ++++- >> 1 file changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/net/mdio/mdio-ipq4019.c b/drivers/net/mdio/mdio-ipq4019.c >> index 4eba5a91075c..dfd1647eac36 100644 >> --- a/drivers/net/mdio/mdio-ipq4019.c >> +++ b/drivers/net/mdio/mdio-ipq4019.c >> @@ -231,8 +231,11 @@ static int ipq4019_mdio_probe(struct platform_device *pdev) >> /* The platform resource is provided on the chipset IPQ5018 */ >> /* This resource is optional */ >> res = platform_get_resource(pdev, IORESOURCE_MEM, 1); >> - if (res) >> + if (res) { >> priv->eth_ldo_rdy = devm_ioremap_resource(&pdev->dev, res); >> + if (IS_ERR(priv->eth_ldo_rdy)) >> + priv->eth_ldo_rdy = NULL; >> + } > > As i said, please add devm_ioremap_resource_optional(). Follow the > concept of devm_clk_get_optional(), devm_gpiod_get_optional(), > devm_reset_control_get_optional(), devm_reset_control_get_optional(), > platform_get_irq_byname_optional() etc. > > All these will not return an error if the resource you are trying to > get does not exist. They instead return NULL, or something which other > API members understand as does not exist, but thats O.K. > > These functions however do return errors for real problem, ENOMEM, > EINVAL etc. These should not be ignored. > > You should then use this new function for all your other patches where > the resource is optional. I finally understand what you mean now. I need add devm_ioremap_resource_optional() helper, which return NULL if the resource does not exist, and if it return other errors we need to deal with errors. In my case, it returns -ENOMEM if the resource does not exist. So, the code should be as follows, is that right? + void __iomem *devm_ioremap_resource_optional(struct device *dev, + const struct resource *res) + { + void __iomem *base; + + base = __devm_ioremap_resource(dev, res, DEVM_IOREMAP); + if (IS_ERR(base) && PTR_ERR(base) == -ENOMEM) + return NULL; + + return base; + } [...] res = platform_get_resource(pdev, IORESOURCE_MEM, 1); - if (res) + if (res) { + priv->eth_ldo_rdy = devm_ioremap_resource_optional(&pdev->dev, res) + if (IS_ERR(priv->eth_ldo_rdy)) + return PTR_ERR(priv->eth_ldo_rdy); + } [...] thanks.
> So, the code should be as follows, is that right? > > + void __iomem *devm_ioremap_resource_optional(struct device *dev, > + const struct resource *res) > + { > + void __iomem *base; > + > + base = __devm_ioremap_resource(dev, res, DEVM_IOREMAP); > + if (IS_ERR(base) && PTR_ERR(base) == -ENOMEM) > + return NULL; > + > + return base; > + } > > > [...] > res = platform_get_resource(pdev, IORESOURCE_MEM, 1); > - if (res) > + if (res) { > + priv->eth_ldo_rdy = devm_ioremap_resource_optional(&pdev->dev, res) > + if (IS_ERR(priv->eth_ldo_rdy)) > + return PTR_ERR(priv->eth_ldo_rdy); > + } > [...] Yes, that is the basic concept. The only thing i might change is the double meaning of -ENOMEM. __devm_ioremap_resource() allocates memory, and if that memory allocation fails, it returns -ENOMEM. If the resource does not exist, it also returns -ENOMEM. So you cannot tell these two error conditions apart. Most of the other get_foo() calls return -ENODEV if the gpio/regulator/clock does not exist, so you can tell if you are out of memory. But ioremap is specifically about memory so -ENOMEM actually makes sense. If you are out of memory, it seems likely the problem is not going to go away quickly, so the next allocation will also fail, and hopefully the error handling will then work. So i don't think it is major issue. So yes, go with the code above. Andrew
On 2022/11/18 21:44, Andrew Lunn wrote: >> So, the code should be as follows, is that right? >> >> + void __iomem *devm_ioremap_resource_optional(struct device *dev, >> + const struct resource *res) >> + { >> + void __iomem *base; >> + >> + base = __devm_ioremap_resource(dev, res, DEVM_IOREMAP); >> + if (IS_ERR(base) && PTR_ERR(base) == -ENOMEM) >> + return NULL; >> + >> + return base; >> + } >> >> >> [...] >> res = platform_get_resource(pdev, IORESOURCE_MEM, 1); >> - if (res) >> + if (res) { >> + priv->eth_ldo_rdy = devm_ioremap_resource_optional(&pdev->dev, res) >> + if (IS_ERR(priv->eth_ldo_rdy)) >> + return PTR_ERR(priv->eth_ldo_rdy); >> + } >> [...] > > Yes, that is the basic concept. > > The only thing i might change is the double meaning of -ENOMEM. > __devm_ioremap_resource() allocates memory, and if that memory > allocation fails, it returns -ENOMEM. If the resource does not exist, > it also returns -ENOMEM. So you cannot tell these two error conditions > apart. Most of the other get_foo() calls return -ENODEV if the > gpio/regulator/clock does not exist, so you can tell if you are out of > memory. But ioremap is specifically about memory so -ENOMEM actually > makes sense. > > If you are out of memory, it seems likely the problem is not going to > go away quickly, so the next allocation will also fail, and hopefully > the error handling will then work. So i don't think it is major > issue. So yes, go with the code above. > Hi, Andrew My new patchset is ready, but I just found out that another patch has been applied to netdev/net.git. Can I solve the problem in present way? And I will add devm_ioremap_resource_optional() helper later to optimize related drivers. How about this? Thanks.
> Hi, Andrew > > My new patchset is ready, but I just found out that another patch has been > applied to netdev/net.git. Can I solve the problem in present way? And I > will add devm_ioremap_resource_optional() helper later to optimize related > drivers. How about this? This is one of those harder to merge changes. patches to lib/devres.c generally go via GregKH. Networking changes are merged via the netdev list. Did you find this issue via a static analyser? I assume you are running it over the entire tree and are finding problems in multiple subsystems? So devm_ioremap_resource_optional() is potentially going to be needed in lots of places? One way to get this merged is to cross post the patch adding devm_ioremap_resource_optional() and ask GregKH to ACK it, and then get netdev to merge it. You can then use it within the netdev subsystem. What you cannot do is use it in other subsystems until the next kernel cycle when it will be globally available. So three patches. One adding devm_ioremap_resource_optional(), one to revert the 'fix', and one with the real fix using devm_ioremap_resource_optional(). Andrew
On 2022/11/21 22:36, Andrew Lunn wrote: >> Hi, Andrew >> >> My new patchset is ready, but I just found out that another patch has been >> applied to netdev/net.git. Can I solve the problem in present way? And I >> will add devm_ioremap_resource_optional() helper later to optimize related >> drivers. How about this? > > This is one of those harder to merge changes. patches to lib/devres.c > generally go via GregKH. Networking changes are merged via the netdev > list. > > Did you find this issue via a static analyser? I assume you are > running it over the entire tree and are finding problems in multiple > subsystems? So devm_ioremap_resource_optional() is potentially going > to be needed in lots of places? Yes, I grep the entire drives, some drivers is really going to be needed for devm_ioremap_resource_optional() case. For example: drivers/mmc/host/mtk-sd.c drivers/mmc/host/sdhci-st.c drivers/ufs/host/ufs-qcom.c drivers/mfd/bcm2835-pm.c net/mdio/mdio-ipq4019.c drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c > One way to get this merged is to cross post the patch adding > devm_ioremap_resource_optional() and ask GregKH to ACK it, and then > get netdev to merge it. You can then use it within the netdev > subsystem. What you cannot do is use it in other subsystems until the > next kernel cycle when it will be globally available. > > So three patches. One adding devm_ioremap_resource_optional(), one to > revert the 'fix', and one with the real fix using > devm_ioremap_resource_optional(). Thanks
diff --git a/drivers/net/mdio/mdio-ipq4019.c b/drivers/net/mdio/mdio-ipq4019.c index 4eba5a91075c..dfd1647eac36 100644 --- a/drivers/net/mdio/mdio-ipq4019.c +++ b/drivers/net/mdio/mdio-ipq4019.c @@ -231,8 +231,11 @@ static int ipq4019_mdio_probe(struct platform_device *pdev) /* The platform resource is provided on the chipset IPQ5018 */ /* This resource is optional */ res = platform_get_resource(pdev, IORESOURCE_MEM, 1); - if (res) + if (res) { priv->eth_ldo_rdy = devm_ioremap_resource(&pdev->dev, res); + if (IS_ERR(priv->eth_ldo_rdy)) + priv->eth_ldo_rdy = NULL; + } bus->name = "ipq4019_mdio"; bus->read = ipq4019_mdio_read;
priv->eth_ldo_rdy is saved the return value of devm_ioremap_resource(), which !IS_ERR() should be used to check. Fixes: 23a890d493e3 ("net: mdio: Add the reset function for IPQ MDIO driver") Signed-off-by: Hui Tang <tanghui20@huawei.com> --- v1 -> v2: set priv->eth_ldo_rdy NULL, if devm_ioremap_resource() failed --- drivers/net/mdio/mdio-ipq4019.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)