From patchwork Tue Feb 7 08:10:24 2017
X-Patchwork-Submitter: Andi Shyti
X-Patchwork-Id: 9559355
From: Andi Shyti
To: Krzysztof Kozlowski, Mark Brown
Cc: Javier Martinez Canillas, linux-samsung-soc@vger.kernel.org, linux-spi@vger.kernel.org, linux-kernel@vger.kernel.org, Andi Shyti, Andi Shyti
Subject: [PATCH 1/2] spi: s3c64xx: fix potential segmentation fault
Date: Tue, 07 Feb 2017 17:10:24 +0900
Message-id: <20170207081025.9671-1-andi.shyti@samsung.com>

The return value of dmaengine_prep_slave_sg is not checked, but eventually it can fail and in that case return 'NULL' causing a segmentation fault.

Check dmaengine_prep_slave_sg return value and exit in case of failure. For doing this all the 'void' functions involved have been turned to 'int'.

This patch fixes '1397997 Dereference null return value' from scan.coverity.com

Signed-off-by: Andi Shyti
--- drivers/spi/spi-s3c64xx.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/drivers/spi/spi-s3c64xx.c b/drivers/spi/spi-s3c64xx.c index b392cca8fa4f..f6ea9ae047ec 100644 --- a/drivers/spi/spi-s3c64xx.c +++ b/drivers/spi/spi-s3c64xx.c 
@@ -276,7 +276,7 @@ static void s3c64xx_spi_dmacb(void *data) spin_unlock_irqrestore(&sdd->lock, flags); } -static void prepare_dma(struct s3c64xx_spi_dma_data *dma, +static int prepare_dma(struct s3c64xx_spi_dma_data *dma, struct sg_table *sgt) { struct s3c64xx_spi_driver_data *sdd; @@ -305,12 +305,16 @@ static void prepare_dma(struct s3c64xx_spi_dma_data *dma, desc = dmaengine_prep_slave_sg(dma->ch, sgt->sgl, sgt->nents, dma->direction, DMA_PREP_INTERRUPT); + if (!desc) + return -EINVAL; desc->callback = s3c64xx_spi_dmacb; desc->callback_param = dma; dmaengine_submit(desc); dma_async_issue_pending(dma->ch); + + return 0; } static void s3c64xx_spi_set_cs(struct spi_device *spi, bool enable) @@ -360,12 +364,13 @@ static bool s3c64xx_spi_can_dma(struct spi_master *master, return xfer->len > (FIFO_LVL_MASK(sdd) >> 1) + 1; } -static void enable_datapath(struct s3c64xx_spi_driver_data *sdd, +static int enable_datapath(struct s3c64xx_spi_driver_data *sdd, struct spi_device *spi, struct spi_transfer *xfer, int dma_mode) { void __iomem *regs = sdd->regs; u32 modecfg, chcfg; + int ret; modecfg = readl(regs + S3C64XX_SPI_MODE_CFG); modecfg &= ~(S3C64XX_SPI_MODE_TXDMA_ON | S3C64XX_SPI_MODE_RXDMA_ON); @@ -391,7 +396,9 @@ static void enable_datapath(struct s3c64xx_spi_driver_data *sdd, chcfg |= S3C64XX_SPI_CH_TXCH_ON; if (dma_mode) { modecfg |= S3C64XX_SPI_MODE_TXDMA_ON; - prepare_dma(&sdd->tx_dma, &xfer->tx_sg); + ret = prepare_dma(&sdd->tx_dma, &xfer->tx_sg); + if (ret) + return ret; } else { switch (sdd->cur_bpw) { case 32: 
@@ -423,12 +430,16 @@ static void enable_datapath(struct s3c64xx_spi_driver_data *sdd, writel(((xfer->len * 8 / sdd->cur_bpw) & 0xffff) | S3C64XX_SPI_PACKET_CNT_EN, regs + S3C64XX_SPI_PACKET_CNT); - prepare_dma(&sdd->rx_dma, &xfer->rx_sg); + ret = prepare_dma(&sdd->rx_dma, &xfer->rx_sg); + if (ret) + return ret; } } writel(modecfg, regs + S3C64XX_SPI_MODE_CFG); writel(chcfg, regs + S3C64XX_SPI_CH_CFG); + + return 0; } static u32 s3c64xx_spi_wait_for_timeout(struct s3c64xx_spi_driver_data *sdd, @@ -677,7 +688,9 @@ static int s3c64xx_spi_transfer_one(struct spi_master *master, sdd->state &= ~RXBUSY; sdd->state &= ~TXBUSY; - enable_datapath(sdd, spi, xfer, use_dma); + status = enable_datapath(sdd, spi, xfer, use_dma); + if (status) + return status; /* Start the signals */ s3c64xx_spi_set_cs(spi, true);
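Review bot: In the prepare_dma hunk (@@ -305), the new "if (!desc) return -EINVAL;" path fails silently, so a transfer that aborts here leaves nothing in the log to say which channel could not be prepared. Consider a dev_err before the return that names the direction (dma->direction is already in scope), and say in the commit message why -EINVAL was chosen over another errno, since a NULL from dmaengine_prep_slave_sg does not by itself indicate a bad argument.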
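Review bot: In the RX branch of enable_datapath (@@ -423), the early "return ret;" leaves the function after S3C64XX_SPI_PACKET_CNT has already been written with S3C64XX_SPI_PACKET_CNT_EN and, when the TX branch from the previous hunk ran first, after prepare_dma has already called dmaengine_submit and dma_async_issue_pending on the TX channel. Nothing on this path undoes either, so a failed RX prepare can leave a TX descriptor in flight for a transfer the caller now treats as failed. Terminate the TX channel (for example with dmaengine_terminate_all) and clear the packet count before returning, or prepare both descriptors before submitting either.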
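Review bot: In s3c64xx_spi_transfer_one (@@ -677), "return status;" is a new exit placed between the RXBUSY/TXBUSY clearing and s3c64xx_spi_set_cs(spi, true), and the hunk does not show what the function holds at that point. The driver takes sdd->lock elsewhere (the spin_unlock_irqrestore(&sdd->lock, flags) in s3c64xx_spi_dmacb is visible in the first hunk's context); if this section also runs under that lock, the early return leaves it held with interrupts disabled. Please confirm, and if so release the lock before returning the error.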