Re: [PATCH] led: triggers: Fix NULL dereference in led_trigger_set() error handling

On Thu, Sep 05, 2019 at 02:06:26PM +0200, Uwe Kleine-König wrote:
> Hello,
> 
> On Thu, Sep 05, 2019 at 12:57:28PM +0300, Dan Carpenter wrote:
> > The problem is we set "led_cdev->trigger = NULL;" and then dereference
> > it when we call write_lock_irqsave():
> > 
> > 	write_lock_irqsave(&led_cdev->trigger->leddev_list_lock, flags);
> >                             ^^^^^^^^^^^^^^^^^
> > 
> > Fixes: 2282e125a406 ("leds: triggers: let struct led_trigger::activate() return an error code")
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> 
> Obviously right. Thanks for catching.
> 
> Reviewed-by: Uwe Kleine-König <u.kleine-koenig@xxxxxxxxxxxxxx>
> 
> Did you find this at runtime or by using some static checker?

Yes.  It's a new one that I'm working on.

It's a tricky thing because it turns out Smatch thinks a whole lot of
pointers are definitely NULL when they aren't.  For example, if the
struct is allocated with kzalloc() and Smatch doesn't see where the
pointer is assigned.

regards,
dan carpenter
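
The ordering problem described in the quoted commit message, as an added example that is not part of the original thread and is not the kernel's code. It is a user-space model: `struct trigger`, `struct led_dev`, `trig_lock()` and both unwind functions are assumed names, and the lock stand-in returns -1 where the kernel would fault.

```c
#include <stddef.h>
#include <stdio.h>
/* User-space stand-ins for the kernel objects; all names here are assumed. */
struct trigger { int locked; int ndevs; };   /* lock + count of linked devices */
struct led_dev { struct trigger *trigger; void *trigger_data; int on_list; };

/* Stand-in for write_lock_irqsave(): reports a NULL owner instead of faulting. */
static int trig_lock(struct trigger *t)
{
    if (t == NULL)
        return -1;              /* in the kernel this is the NULL dereference */
    t->locked = 1;
    return 0;
}
static void trig_unlock(struct trigger *t) { t->locked = 0; }

/* Error unwind in the order the commit message describes: clear, then lock. */
int unwind_clear_first(struct led_dev *d)
{
    d->trigger = NULL;
    d->trigger_data = NULL;
    if (trig_lock(d->trigger) != 0)
        return -1;              /* device is never unlinked from the list */
    d->on_list = 0;
    trig_unlock(d->trigger);
    return 0;
}

/* Unlink while the pointer is still valid, then clear it last. */
int unwind_clear_last(struct led_dev *d)
{
    struct trigger *t = d->trigger;
    if (trig_lock(t) != 0)
        return -1;
    d->on_list = 0;
    t->ndevs--;
    trig_unlock(t);
    d->trigger = NULL;
    d->trigger_data = NULL;
    return 0;
}

int main(void)
{
    struct trigger t = { 0, 1 };
    struct led_dev a = { &t, NULL, 1 }, b = { &t, NULL, 1 };
    printf("clear first: %d, clear last: %d\n",
           unwind_clear_first(&a), unwind_clear_last(&b));
    return 0;
}
```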



