Patchwork ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value

login
register
mail settings
Submitter Lorenzo Pieralisi
Date Nov. 29, 2018, 9:55 a.m.
Message ID <20181129095559.26007-1-lorenzo.pieralisi@arm.com>
Download mbox | patch
Permalink /patch/667997/
State New
Headers show

Comments

Lorenzo Pieralisi - Nov. 29, 2018, 9:55 a.m.
Running the Clang static analyzer on IORT code detected the following
error:

Logic error: Branch condition evaluates to a garbage value

in

iort_get_platform_device_domain()

If the named component associated with a given device has no IORT
mappings, iort_get_platform_device_domain() exits its MSI mapping loop
with msi_parent pointer containing garbage, which can lead to erroneous
code path execution.

Initialize the msi_parent pointer, fixing the bug.

Fixes: d4f54a186667 ("ACPI: platform: setup MSI domain for ACPI based
platform device")
Reported-by: Patrick Bellasi <patrick.bellasi@arm.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Hanjun Guo <hanjun.guo@linaro.org>
Cc: Sudeep Holla <sudeep.holla@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
---
 drivers/acpi/arm64/iort.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Hanjun Guo - Nov. 29, 2018, 11:34 a.m.
On 2018/11/29 17:55, Lorenzo Pieralisi wrote:
> Running the Clang static analyzer on IORT code detected the following
> error:
> 
> Logic error: Branch condition evaluates to a garbage value
> 
> in
> 
> iort_get_platform_device_domain()
> 
> If the named component associated with a given device has no IORT
> mappings, iort_get_platform_device_domain() exits its MSI mapping loop
> with msi_parent pointer containing garbage, which can lead to erroneous
> code path execution.

Not sure if we have such use cases that named component associated with
a given device has no IORT mappings, but this patch still make sense to
me,

Reviewed-by: Hanjun Guo <hanjun.guo@linaro.org>

Thanks
Hanjun
Lorenzo Pieralisi - Nov. 29, 2018, 4:49 p.m.
On Thu, Nov 29, 2018 at 07:34:40PM +0800, Hanjun Guo wrote:
> On 2018/11/29 17:55, Lorenzo Pieralisi wrote:
> > Running the Clang static analyzer on IORT code detected the following
> > error:
> > 
> > Logic error: Branch condition evaluates to a garbage value
> > 
> > in
> > 
> > iort_get_platform_device_domain()
> > 
> > If the named component associated with a given device has no IORT
> > mappings, iort_get_platform_device_domain() exits its MSI mapping loop
> > with msi_parent pointer containing garbage, which can lead to erroneous
> > code path execution.
> 
> Not sure if we have such use cases that named component associated with
> a given device has no IORT mappings, but this patch still make sense to
> me,

Yes, it is to make the kernel more robust against questionable (but valid)
firmware bindings.

Thanks,
Lorenzo
Will Deacon - Nov. 30, 2018, 1:21 p.m.
On Thu, Nov 29, 2018 at 09:55:59AM +0000, Lorenzo Pieralisi wrote:
> Running the Clang static analyzer on IORT code detected the following
> error:
> 
> Logic error: Branch condition evaluates to a garbage value
> 
> in
> 
> iort_get_platform_device_domain()
> 
> If the named component associated with a given device has no IORT
> mappings, iort_get_platform_device_domain() exits its MSI mapping loop
> with msi_parent pointer containing garbage, which can lead to erroneous
> code path execution.
> 
> Initialize the msi_parent pointer, fixing the bug.
> 
> Fixes: d4f54a186667 ("ACPI: platform: setup MSI domain for ACPI based
> platform device")
> Reported-by: Patrick Bellasi <patrick.bellasi@arm.com>
> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
> Cc: Will Deacon <will.deacon@arm.com>
> Cc: Hanjun Guo <hanjun.guo@linaro.org>
> Cc: Sudeep Holla <sudeep.holla@arm.com>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
> ---
>  drivers/acpi/arm64/iort.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Acked-by: Will Deacon <will.deacon@arm.com>

Looks like one for 4.20.

Will

> diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
> index 2a361e22d38d..70f4e80b9246 100644
> --- a/drivers/acpi/arm64/iort.c
> +++ b/drivers/acpi/arm64/iort.c
> @@ -700,7 +700,7 @@ static void iort_set_device_domain(struct device *dev,
>   */
>  static struct irq_domain *iort_get_platform_device_domain(struct device *dev)
>  {
> -	struct acpi_iort_node *node, *msi_parent;
> +	struct acpi_iort_node *node, *msi_parent = NULL;
>  	struct fwnode_handle *iort_fwnode;
>  	struct acpi_iort_its_group *its;
>  	int i;
> -- 
> 2.19.2
>

Patch

diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
index 2a361e22d38d..70f4e80b9246 100644
--- a/drivers/acpi/arm64/iort.c
+++ b/drivers/acpi/arm64/iort.c
@@ -700,7 +700,7 @@  static void iort_set_device_domain(struct device *dev,
  */
 static struct irq_domain *iort_get_platform_device_domain(struct device *dev)
 {
-	struct acpi_iort_node *node, *msi_parent;
+	struct acpi_iort_node *node, *msi_parent = NULL;
 	struct fwnode_handle *iort_fwnode;
 	struct acpi_iort_its_group *its;
 	int i;