Re: [usb-gadget-udc] question about null check after calling phys_to_virt() function
Hi Felipe, Quoting Felipe Balbi: Hi, "Gustavo A. R. Silva" writes: Hello everybody, While looking into Coverity ID 145958 I ran into the following piece of code at drivers/usb/gadget/udc/amd5536udc.c:852: } else if (i == buf_len) { /* first td */ td = (struct udc_data_dma *)phys_to_virt( req->td_data->next); td->status = 0; } else { td = (struct udc_data_dma *)phys_to_virt(last->next); td->status = 0; } if (td) td->bufptr = req->req.dma + i; /* assign buffer */ else break; The issue here is that _td_ pointer is being dereferenced before null check. After searching for calls to phys_to_virt() function, I've noticed that is not common at all to test the returned address value. So either the null check at line 862 is not needed or a null check before each td->status = 0; needs to be added. just remove the previous null check I get it. Thanks! -- Gustavo A. R. Silva -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [usb-gadget-udc] question about null check after calling phys_to_virt() function
Hi, "Gustavo A. R. Silva"writes: > Hello everybody, > > While looking into Coverity ID 145958 I ran into the following piece > of code at drivers/usb/gadget/udc/amd5536udc.c:852: > > } else if (i == buf_len) { > /* first td */ > td = (struct udc_data_dma *)phys_to_virt( > req->td_data->next); > td->status = 0; > } else { > td = (struct udc_data_dma *)phys_to_virt(last->next); > td->status = 0; > } > > if (td) > td->bufptr = req->req.dma + i; /* assign buffer */ > else > break; > > The issue here is that _td_ pointer is being dereferenced before null check. > > After searching for calls to phys_to_virt() function, I've noticed > that is not common at all to test the returned address value. > > So either the null check at line 862 is not needed or a null check > before each td->status = 0; needs to be added. just remove the previous null check -- balbi signature.asc Description: PGP signature