Re: [PATCH] board-dm644x-evm: fix 2 missing-check bugs in evm_led_setup()

From: Russell King - ARM Linux admin
Date: Sat Dec 28 2019 - 08:48:41 EST


On Sat, Dec 28, 2019 at 09:19:30PM +0800, Gen Zhang wrote:
> On Fri, Dec 27, 2019 at 04:01:42PM +0000, Russell King - ARM Linux admin wrote:
> > On Fri, Dec 27, 2019 at 10:39:21AM +0800, Gen Zhang wrote:
> > > In evm_led_setup(), the allocation result of platform_device_alloc() and
> > > platform_device_add_data() should be checked.
> > >
> > > Signed-off-by: Gen Zhang <blackgod016574@xxxxxxxxx>
> > > ---
> > > diff --git a/arch/arm/mach-davinci/board-dm644x-evm.c b/arch/arm/mach-davinci/board-dm644x-evm.c
> > > index 9d87d4e..9cd2785 100644
> > > --- a/arch/arm/mach-davinci/board-dm644x-evm.c
> > > +++ b/arch/arm/mach-davinci/board-dm644x-evm.c
> > > @@ -352,15 +352,20 @@ evm_led_setup(struct i2c_client *client, int gpio, unsigned ngpio, void *c)
> > > * device unregistration ...
> > > */
> > > evm_led_dev = platform_device_alloc("leds-gpio", 0);
> > > - platform_device_add_data(evm_led_dev,
> > > + if (!evm_led_dev)
> > > + return -ENOMEM;
> > > + status = platform_device_add_data(evm_led_dev,
> > > &evm_led_data, sizeof evm_led_data);
> > > + if (status)
> > > + goto err;
> > >
> > > evm_led_dev->dev.parent = &client->dev;
> > > status = platform_device_add(evm_led_dev);
> > > - if (status < 0) {
> > > - platform_device_put(evm_led_dev);
> > > - evm_led_dev = NULL;
> > > - }
> > > + if (status)
> > > + goto err;
> > > +err:
> > > + platform_device_put(evm_led_dev);
> > > + evm_led_dev = NULL;
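
Review bot: the err: label sits directly under the final "if (status) goto err;" at the end of this hunk, with no return between them, so the path where platform_device_add() succeeds falls through into platform_device_put(evm_led_dev) and "evm_led_dev = NULL" as well. The removed lines only ran that cleanup when status < 0; to keep that behaviour, return on success before the label so that only a failing platform_device_add_data() or platform_device_add() reaches err:. The switch from "status < 0" to "status" on the platform_device_add() check is a separate change and should either be dropped or explained in the commit message.
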
> >
> > Please look again at the above change very closely. You will want to
> > send an updated patch.
> >
> > --
> > RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
> > FTTC broadband for 0.8mile line in suburbia: sync at 12.1Mbps down 622kbps up
> > According to speedtest.net: 11.9Mbps down 500kbps up
>
> Thanks for your reply. You mean the if (state < 0 ) to if (state) or
> anything else? Please point out directly.

This is the old everything-successful path through the code:

	platform_device_alloc()
	platform_device_add_data()
	platform_device_add()
	evm_led_dev is set to the device

This is the new everything-successful path through the code:

	platform_device_alloc()
	platform_device_add_data()
	platform_device_add()
	platform_device_put()
	evm_led_dev = NULL

And, specifically, the code sequence (I quote from your patch):

	if (status)
		goto err;
err:

is very stupid; it might as well not exist at all.

Since other code references evm_led_dev, one can assume that we do
not want it to be NULL for the success path. So, taking all this
together, your patch is very very wrong, and I also find it very
worrying too.

--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 12.1Mbps down 622kbps up
According to speedtest.net: 11.9Mbps down 500kbps up