https://bugzilla.kernel.org/show_bug.cgi?id=200487

            Bug ID: 200487
           Summary: drivers\bluetooth\hci_bcm.c unchecked return value of
                    devm_clk_get() in function bcm_get_resources()
           Product: Drivers
           Version: 2.5
    Kernel Version: linux-4.18-rc4
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Bluetooth
          Assignee: linux-bluetooth@xxxxxxxxxxxxxxx
          Reporter: guzx14@xxxxxxxxxxxxxxxxxxxxx
        Regression: No

Function devm_clk_get() returns an ERR_PTR when it fails. However, in function
bcm_get_resources(), its return value is not checked, and will result in bad
memory access. Even though the second parameter is NULL, we find that other
usages of devm_clk_get(*, NULL) have been checked.

linux-4.18-rc1\drivers\bluetooth\hci_bcm.c

    static int bcm_get_resources(struct bcm_device *dev)
    {
        const struct dmi_system_id *dmi_id;

        dev->name = dev_name(dev->dev);

        if (x86_apple_machine && !bcm_apple_get_resources(dev))
            return 0;

        dev->clk = devm_clk_get(dev->dev, NULL);

        dev->device_wakeup = devm_gpiod_get_optional(dev->dev, "device-wakeup",
                                                     GPIOD_OUT_LOW);
        if (IS_ERR(dev->device_wakeup))
            return PTR_ERR(dev->device_wakeup)

linux-4.18-rc1\drivers\bus\imx-weim.c:

    clk = devm_clk_get(&pdev->dev, NULL);
    if (IS_ERR(clk))
        return PTR_ERR(clk);

ZG
IMChecker Group, THU
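
The following userspace model is an added example, not code from the report or from the kernel tree. It shows why an unchecked ERR_PTR is easy to miss: the pointer is non-NULL, so only IS_ERR() reveals the failure. The names stub_clk_get(), sample_clk, get_resources_unchecked() and get_resources_checked() are hypothetical, and both structs are reduced stand-ins.

```c
/* Userspace model of the ERR_PTR convention from include/linux/err.h. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095
static void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static long PTR_ERR(const void *ptr) { return (long)(intptr_t)ptr; }
static int IS_ERR(const void *ptr) { return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO; }

struct clk { unsigned long rate; };      /* stand-in, not the kernel's struct clk */
struct bcm_device { struct clk *clk; };  /* reduced to the field at issue */

static struct clk sample_clk = { 32768 };  /* constructed sample value */

/* Hypothetical stub for devm_clk_get(): fails with fail_errno when non-zero. */
static struct clk *stub_clk_get(int fail_errno)
{
	return fail_errno ? ERR_PTR(-fail_errno) : &sample_clk;
}

/* Shape of the reported code: the result is stored and never tested. */
static int get_resources_unchecked(struct bcm_device *dev, int fail_errno)
{
	dev->clk = stub_clk_get(fail_errno);
	return 0;
}

/* Shape of the imx-weim.c check: propagate the encoded errno to the caller. */
static int get_resources_checked(struct bcm_device *dev, int fail_errno)
{
	dev->clk = stub_clk_get(fail_errno);
	if (IS_ERR(dev->clk))
		return (int)PTR_ERR(dev->clk);
	return 0;
}

int main(void)
{
	struct bcm_device dev = { 0 };

	get_resources_unchecked(&dev, ENOENT);
	/* The failure is invisible to the caller and to a plain NULL test. */
	printf("unchecked: ret=0 clk!=NULL:%d IS_ERR:%d\n", dev.clk != NULL, IS_ERR(dev.clk));
	printf("checked:   ret=%d\n", get_resources_checked(&dev, ENOENT));
	return 0;
}
```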