From ecc87eed7beeb50c0be0b73322d62135277ea2b0 Mon Sep 17 00:00:00 2001 From: Andy Shevchenko Date: Wed, 5 Aug 2015 16:51:11 +0300 Subject: [PATCH 1/4] device property: fix potential NULL pointer dereference In device_add_property_set() we check pset parameter for a NULL, but few lines later we do a pointer arithmetic without check that will crash kernel in the set_secondary_fwnode(). Here we check if pset parameter is NULL and return immediately. Fixes: 16ba08d5c9ec (device property: Introduce firmware node type for platform data) Signed-off-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki --- drivers/base/property.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/base/property.c b/drivers/base/property.c index f3f6d167f3f1..37a7bb7b239d 100644 --- a/drivers/base/property.c +++ b/drivers/base/property.c @@ -27,9 +27,10 @@ */ void device_add_property_set(struct device *dev, struct property_set *pset) { - if (pset) - pset->fwnode.type = FWNODE_PDATA; + if (!pset) + return; + pset->fwnode.type = FWNODE_PDATA; set_secondary_fwnode(dev, &pset->fwnode); } EXPORT_SYMBOL_GPL(device_add_property_set); From 4f73b0654d8a954540d49bb0a300f31663423db9 Mon Sep 17 00:00:00 2001 From: Andy Shevchenko Date: Mon, 10 Aug 2015 19:56:47 +0300 Subject: [PATCH 2/4] device property: fallback to pset when gettng one string The one string as an equivalent to an array of one element. Allow user to read one string as a plain string. Signed-off-by: Andy Shevchenko Reviewed-by: Mika Westerberg Signed-off-by: Rafael J. Wysocki --- drivers/base/property.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/base/property.c b/drivers/base/property.c index 37a7bb7b239d..841b15c5c058 100644 --- a/drivers/base/property.c +++ b/drivers/base/property.c @@ -462,7 +462,8 @@ int fwnode_property_read_string(struct fwnode_handle *fwnode, return acpi_dev_prop_read(to_acpi_node(fwnode), propname, DEV_PROP_STRING, val, 1); - return -ENXIO; + return pset_prop_read_array(to_pset(fwnode), propname, + DEV_PROP_STRING, val, 1); } EXPORT_SYMBOL_GPL(fwnode_property_read_string); From 7dc59dc938f034c69dcf9080d45b936882b7ffa3 Mon Sep 17 00:00:00 2001 From: Andy Shevchenko Date: Mon, 10 Aug 2015 19:56:48 +0300 Subject: [PATCH 3/4] device property: attach 'else if' to the proper 'if' Obviously in the current place the 'else' keyword is redundant, though it seems quite correct when we check if nval is in allowed range. Reattach the condition branch there. Signed-off-by: Andy Shevchenko Reviewed-by: Mika Westerberg Signed-off-by: Rafael J. Wysocki --- drivers/acpi/property.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/acpi/property.c b/drivers/acpi/property.c index 7836e2e980f4..6d99450549c5 100644 --- a/drivers/acpi/property.c +++ b/drivers/acpi/property.c @@ -528,13 +528,14 @@ int acpi_dev_prop_read(struct acpi_device *adev, const char *propname, if (!val) return obj->package.count; - else if (nval <= 0) - return -EINVAL; if (nval > obj->package.count) return -EOVERFLOW; + else if (nval <= 0) + return -EINVAL; items = obj->package.elements; + switch (proptype) { case DEV_PROP_U8: ret = acpi_copy_property_array_u8(items, (u8 *)val, nval); From 4bf011815f2e093c7f60004f4f5683cf40b905b9 Mon Sep 17 00:00:00 2001 From: Andy Shevchenko Date: Mon, 10 Aug 2015 19:56:46 +0300 Subject: [PATCH 4/4] device property: check fwnode type in to_of_node() Potentially one of platform can support both ACPI and OF. In that case when we call to_of_node() for non-OF fwnode types we will get non-NULL result, which is wrong. Check for the type and return a correspondent result. Signed-off-by: Andy Shevchenko Reviewed-by: Mika Westerberg Signed-off-by: Rafael J. Wysocki --- include/linux/of.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/of.h b/include/linux/of.h index edc068d19c79..2194b8ca41f9 100644 --- a/include/linux/of.h +++ b/include/linux/of.h @@ -136,7 +136,8 @@ static inline bool is_of_node(struct fwnode_handle *fwnode) static inline struct device_node *to_of_node(struct fwnode_handle *fwnode) { - return fwnode ? container_of(fwnode, struct device_node, fwnode) : NULL; + return is_of_node(fwnode) ? + container_of(fwnode, struct device_node, fwnode) : NULL; } static inline bool of_have_populated_dt(void)