Based on the following report from the Smatch tool, make sure we have a valid drvdata before we dereference it to find the real dev.
The patch 21d26b905c05: "coresight: etm: Clean up device specific data" from May 22, 2019, leads to the following Smatch complaint:
./drivers/hwtracing/coresight/coresight-etm3x.c:460 etm_get_trace_id() warn: variable dereferenced before check 'drvdata' (see line 458)
./drivers/hwtracing/coresight/coresight-etm3x.c
  457  int trace_id = -1;
  458  struct device *etm_dev = drvdata->csdev->dev.parent;
                                ^^^^^^^^^
New dereference

  459
  460  if (!drvdata)
           ^^^^^^^^
Checked too late. Delete the check?

  461          goto out;
  462
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
---
 drivers/hwtracing/coresight/coresight-etm3x.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/hwtracing/coresight/coresight-etm3x.c b/drivers/hwtracing/coresight/coresight-etm3x.c index bed7291..225c298 100644 --- a/drivers/hwtracing/coresight/coresight-etm3x.c +++ b/drivers/hwtracing/coresight/coresight-etm3x.c @@ -455,11 +455,12 @@ int etm_get_trace_id(struct etm_drvdata *drvdata) { unsigned long flags; int trace_id = -1; - struct device *etm_dev = drvdata->csdev->dev.parent; + struct device *etm_dev;
if (!drvdata) goto out;
+ etm_dev = drvdata->csdev->dev.parent; if (!local_read(&drvdata->mode)) return drvdata->traceid;
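Review bot: in etm_get_trace_id() the moved assignment "etm_dev = drvdata->csdev->dev.parent;" still dereferences drvdata->csdev with no check, so the reordering only covers a NULL drvdata. If csdev can be unset on any path that reaches this function, guard it as well; if it cannot, a sentence in the commit message saying why would settle the question. The message also does not answer the point Smatch raises ("Delete the check?"): it does not say whether any caller can actually pass a NULL drvdata. Finally, the message names 21d26b905c05 as the commit that introduced the warning, but the tag block shown carries only Cc and Signed-off-by lines and no Fixes: line for it.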
Based on the following report from Smatch, fix the potential NULL pointer dereference check.
The patch 743256e214e8: "coresight: tmc: Clean up device specific data" from May 22, 2019, leads to the following Smatch complaint:
drivers/hwtracing/coresight/coresight-tmc-etr.c:625 tmc_etr_free_flat_buf() warn: variable dereferenced before check 'flat_buf' (see line 623)
drivers/hwtracing/coresight/coresight-tmc-etr.c
  622  struct etr_flat_buf *flat_buf = etr_buf->private;
  623  struct device *real_dev = flat_buf->dev->parent;
                                 ^^^^^^^^^^
The patch introduces a new NULL check

  624
  625  if (flat_buf && flat_buf->daddr)
           ^^^^^^^^
but the existing code assumed it can be NULL.

  626          dma_free_coherent(real_dev, flat_buf->size,
  627                            flat_buf->vaddr, flat_buf->daddr);
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
---
 drivers/hwtracing/coresight/coresight-tmc-etr.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c index 5d2bf6d..1700670 100644 --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c @@ -620,11 +620,13 @@ static int tmc_etr_alloc_flat_buf(struct tmc_drvdata *drvdata, static void tmc_etr_free_flat_buf(struct etr_buf *etr_buf) { struct etr_flat_buf *flat_buf = etr_buf->private; - struct device *real_dev = flat_buf->dev->parent;
- if (flat_buf && flat_buf->daddr) + if (flat_buf && flat_buf->daddr) { + struct device *real_dev = flat_buf->dev->parent; + dma_free_coherent(real_dev, flat_buf->size, flat_buf->vaddr, flat_buf->daddr); + } kfree(flat_buf); }
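Review bot: in tmc_etr_free_flat_buf() the new block-local real_dev is used exactly once, so passing flat_buf->dev->parent directly as the first argument of dma_free_coherent() would drop the nested declaration and keep the body as a single statement. Inside the guarded block flat_buf->dev is still dereferenced unchecked; the guard tests flat_buf and flat_buf->daddr only, so it would be worth stating in the commit message that dev is always set once daddr is non-zero. The message would also be clearer if it said under which condition etr_buf->private can be NULL when this function runs, since that is what makes the original ordering a real bug rather than a redundant check.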
On Thu, 13 Jun 2019 at 04:06, Suzuki K Poulose <suzuki.poulose@arm.com> wrote:
Based on the following report from the Smatch tool, make sure we have a valid drvdata before we dereference it to find the real dev.
The patch 21d26b905c05: "coresight: etm: Clean up device specific data" from May 22, 2019, leads to the following Smatch complaint:
./drivers/hwtracing/coresight/coresight-etm3x.c:460 etm_get_trace_id() warn: variable dereferenced before check 'drvdata' (see line 458)
./drivers/hwtracing/coresight/coresight-etm3x.c
  457  int trace_id = -1;
  458  struct device *etm_dev = drvdata->csdev->dev.parent;
                                ^^^^^^^^^
New dereference

  459
  460  if (!drvdata)
           ^^^^^^^^
Checked too late. Delete the check?

  461          goto out;
  462
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>

 drivers/hwtracing/coresight/coresight-etm3x.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/hwtracing/coresight/coresight-etm3x.c b/drivers/hwtracing/coresight/coresight-etm3x.c index bed7291..225c298 100644 --- a/drivers/hwtracing/coresight/coresight-etm3x.c +++ b/drivers/hwtracing/coresight/coresight-etm3x.c @@ -455,11 +455,12 @@ int etm_get_trace_id(struct etm_drvdata *drvdata) { unsigned long flags; int trace_id = -1;
struct device *etm_dev = drvdata->csdev->dev.parent;
struct device *etm_dev; if (!drvdata) goto out;
etm_dev = drvdata->csdev->dev.parent; if (!local_read(&drvdata->mode)) return drvdata->traceid;
I have applied both patches in this set.
Thanks,
Mathieu
-- 2.7.4