Re: PM / devfreq: map devfreq drivers to governor using name

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 28/10/2020 12:00, Colin Ian King wrote:
> Hi,
> 
> Static analysis of linux-next with Coverity has found a potential null
> pointer dereference issue with the following commit:
> 
> commit 1b5c1be2c88e8445a20fa1929e26c37e7ca8c926
> Author: Nishanth Menon <nm@xxxxxx>
> Date:   Mon Oct 29 15:01:45 2012 -0500
> 
>     PM / devfreq: map devfreq drivers to governor using name
> 
> 
> The analysis is as follows for devfreq_remove_governor in
> drivers/devfreq/devfreq.c
> 
> 1312
> 
> deref_ptr_in_call: Dereferencing pointer devfreq->governor.
> 
> 1313                if (!strncmp(devfreq->governor->name, governor->name,
> 1314                             DEVFREQ_NAME_LEN)) {
> 1315                        /* we should have a devfreq governor! */
> 
> Dereference before null check (REVERSE_INULL)
> check_after_deref: Null-checking devfreq->governor suggests that it may
> be null, but it has already been dereferenced on all paths leading to
> the check.
> 
> 1316                        if (!devfreq->governor) {
> 1317                                dev_warn(dev, "%s: Governor %s NOT
> present\n",
> 1318                                         __func__, governor->name);
> 1319                                continue;
> 1320                                /* Fall through */
> 
> So devfreq->governor->name is dereferencing devfreq->governor before a
> null check on devfreq->governor
> 
> Colin
> 

I forgot to mention, an identical issue also exists here:

1247        list_for_each_entry(devfreq, &devfreq_list, node) {
1248                int ret = 0;
1249                struct device *dev = devfreq->dev.parent;
1250

deref_ptr_in_call: Dereferencing pointer devfreq->governor.

1251                if (!strncmp(devfreq->governor->name, governor->name,
1252                             DEVFREQ_NAME_LEN)) {
1253                        /* The following should never occur */

Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking devfreq->governor suggests that it may
be null, but it has already been dereferenced on all paths leading to
the check.

1254                        if (devfreq->governor) {
1255                                dev_warn(dev,
1256                                         "%s: Governor %s already
present\n",
1257                                         __func__,
devfreq->governor->name);




[Index of Archives]     [Linux SoC Development]     [Linux Rockchip Development]     [Linux for Synopsys ARC Processors]    
  • [Linux on Unisoc (RDA Micro) SoCs]     [Linux Actions SoC]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Linux SCSI]     [Yosemite News]

  •   Powered by Linux