Message ID | 20220107125308.4057544-1-jiasheng@iscas.ac.cn |
---|---|
State | Superseded |
Series | [v3] ide: Check for null pointer after calling devm_ioremap |
On 2022/01/07 21:53, Jiasheng Jiang wrote:
> In linux-stable-5.15.13, this file has been removed and combined
> to `drivers/ata/pata_platform.c` without this bug.
> But in the older LTS kernels, like 5.10.90, this bug still exists.
> As the possible failure of the devres_alloc(), the devm_ioremap() and
> devm_ioport_map() may return NULL pointer.
> And then, the 'base' and 'alt_base' are used in plat_ide_setup_ports().
> Therefore, it should be better to add the check in order to avoid the
> dereference of the NULL pointer.
> Actually, it introduced the bug from commit 8cb1f567f4c0
> ("ide: Platform IDE driver") and we can know from the commit message
> that it tended to be similar to the `drivers/ata/pata_platform.c`.
> But actually, even the first time pata_platform was built,
> commit a20c9e820864 ("[PATCH] ata: Generic platform_device libata driver"),
> there was no such bug, as there was a check after the ioremap().
> So possibly the bug was caused by ide itself.
>
> Fixes: 8cb1f567f4c0 ("ide: Platform IDE driver")
> Cc: stable@vger.kernel.org#5.10

Please keep the space before the #

Cc: stable@vger.kernel.org #5.10

> Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> ---
> Changelog
>
> v1 -> v2
>
> * Change 1. Correct the fixes tag and commit message.
>
> v2 -> v3
>
> * Change 1. Correct the code.

As commented before, what exactly was corrected ? That is what needs to be mentioned here. In any case, I fail to see what code change you added between v2 and v3. The code changes are identical in the 2 versions.

> ---
> drivers/ide/ide_platform.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/ide/ide_platform.c b/drivers/ide/ide_platform.c > index 91639fd6c276..5500c5afb3ca 100644 > --- a/drivers/ide/ide_platform.c > +++ b/drivers/ide/ide_platform.c 
> @@ -85,6 +85,10 @@ static int plat_ide_probe(struct platform_device *pdev) > alt_base = devm_ioport_map(&pdev->dev, > res_alt->start, resource_size(res_alt)); > } > + if (!base || !alt_base) { > + ret = -ENOMEM; > + goto out; > + } > > memset(&hw, 0, sizeof(hw)); > plat_ide_setup_ports(&hw, base, alt_base, pdata, res_irq->start);

Greg,

The above patch is OK but cannot be applied in the current kernel:

* The Legacy IDE drivers were removed in 5.14, replaced by the already existing
* The current equivalent libata driver (drivers/ata/pata_platform.c) already has the above error check.

So I think this patch needs to go directly to stable # 5.10 and earlier LTS kernels. Can you take it ?

Feel free to add:

Acked-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>

Note that I was not the maintainer of the IDE drivers. If more appropriate please feel free to replace that with a Reviewed-by tag.

Thanks !
diff --git a/drivers/ide/ide_platform.c b/drivers/ide/ide_platform.c index 91639fd6c276..5500c5afb3ca 100644 --- a/drivers/ide/ide_platform.c +++ b/drivers/ide/ide_platform.c @@ -85,6 +85,10 @@ static int plat_ide_probe(struct platform_device *pdev) alt_base = devm_ioport_map(&pdev->dev, res_alt->start, resource_size(res_alt)); } + if (!base || !alt_base) { + ret = -ENOMEM; + goto out; + } memset(&hw, 0, sizeof(hw)); plat_ide_setup_ports(&hw, base, alt_base, pdata, res_irq->start);
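Review bot: The new `goto out` in plat_ide_probe() is taken before `memset(&hw, 0, sizeof(hw))` runs, and the `out` label lies outside the visible context, so check that the exit path only returns `ret` and does not read `hw` or anything set up later in the function. The combined test `!base || !alt_base` needs no explicit unwinding because the mappings are devm-managed, but it returns -ENOMEM without indicating which of the two mappings failed; separate checks would make a failure easier to diagnose. As a style point, a blank line between the closing `}` of the mapping branch and the added `if` would keep the error check visually distinct.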
In linux-stable-5.15.13, this file has been removed and combined
to `drivers/ata/pata_platform.c` without this bug.
But in the older LTS kernels, like 5.10.90, this bug still exists.
As the possible failure of the devres_alloc(), the devm_ioremap() and
devm_ioport_map() may return NULL pointer.
And then, the 'base' and 'alt_base' are used in plat_ide_setup_ports().
Therefore, it should be better to add the check in order to avoid the
dereference of the NULL pointer.
Actually, it introduced the bug from commit 8cb1f567f4c0
("ide: Platform IDE driver") and we can know from the commit message
that it tended to be similar to the `drivers/ata/pata_platform.c`.
But actually, even the first time pata_platform was built,
commit a20c9e820864 ("[PATCH] ata: Generic platform_device libata driver"),
there was no such bug, as there was a check after the ioremap().
So possibly the bug was caused by ide itself.

Fixes: 8cb1f567f4c0 ("ide: Platform IDE driver")
Cc: stable@vger.kernel.org#5.10
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
---
Changelog

v1 -> v2

* Change 1. Correct the fixes tag and commit message.

v2 -> v3

* Change 1. Correct the code.
---
 drivers/ide/ide_platform.c | 4 ++++
 1 file changed, 4 insertions(+)