On Tue, Jan 25, 2022 at 12:45:25AM +0800, Zhou Qingyang wrote: > In __pata_platform_probe(), devm_kzalloc() is assigned to ap->ops and > there is a dereference of it right after that, which could introduce a > NULL pointer dereference bug. > > Fix this by adding a NULL check of ap->ops. > > This bug was found by a static analyzer. > > Builds with 'make allyesconfig' show no new warnings, > and our static analyzer no longer warns about this code. > > Fixes: f3d5e4f18dba ("ata: pata_of_platform: Allow to use 16-bit wide data transfer") > Signed-off-by: Zhou Qingyang <zhou1615@xxxxxxx> > --- As stated in the past, please do not make contributions to the Linux kernel until umn.edu has properly resolved its development issues. > The analysis employs differential checking to identify inconsistent > security operations (e.g., checks or kfrees) between two code paths > and confirms that the inconsistent operations are not recovered in the > current function or the callers, so they constitute bugs. > > Note that, as a bug found by static analysis, it can be a false > positive or hard to trigger. Multiple researchers have cross-reviewed > the bug. > > drivers/ata/pata_platform.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/ata/pata_platform.c b/drivers/ata/pata_platform.c > index 028329428b75..021ef9cbcbc1 100644 > --- a/drivers/ata/pata_platform.c > +++ b/drivers/ata/pata_platform.c > @@ -128,6 +128,8 @@ int __pata_platform_probe(struct device *dev, struct resource *io_res, > ap = host->ports[0]; > > ap->ops = devm_kzalloc(dev, sizeof(*ap->ops), GFP_KERNEL); > + if (ap->ops) > + return -ENOMEM; This change seems to leak memory. Damien, please revert it. thanks, greg k-h