Re: [PATCH] staging: media: lirc: lirc_zilog: Fix for possible null pointer dereference

From: Andy Walls
Date: Fri Jan 30 2015 - 19:34:26 EST


On Fri, 2015-01-30 at 08:09 -0500, Valdis.Kletnieks@xxxxxx wrote:
> On Fri, 30 Jan 2015 16:00:02 +0300, Dan Carpenter said:
>
> > > > - if (ir == NULL) {
> > > > - dev_err(ir->l.dev, "close: no private_data attached to the file
> !\n");
> > >
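
Review bot: the removed `dev_err(ir->l.dev, ...)` sits inside `if (ir == NULL)`, so it dereferences `ir` on the one branch where it is known to be NULL, but deleting the `if` along with it also drops the only NULL guard visible in this hunk. If the check is meant to stay as a safety net, keep it and report through a call that needs no struct device (pr_err(), or WARN_ON(!ir)). If it goes, the commit message should state why `ir` cannot be NULL at this point.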

commit be4aa8157c981a8bb9634b886bf1180f97205259
removed the dprintk(), which didn't depend on ir->l.dev, with this
dev_err() call. That was the wrong thing to do. pr_info() is probably
the right thing to use, if one doesn't have a struct device instance.

> > > Yes, the dev_err() call is an obvious thinko.
> > >
> > > However, I'm not sure whether removing it entirely is right either. If
> > > there *should* be a struct IR * passed there, maybe some other printk()
> > > should be issued, or even a WARN_ON(!ir), or something?
> >
> > We set filep->private_data to non-NULL in open() so I don't think it can
> > be NULL here.
>
> Then probably the *right* fix is to remove the *entire* if statement, as
> we can't end up doing the 'return -ENODEV'....

The if() clause is here as an artifact of being part of a mass port of
lirc drivers from userspace. I never removed it, because I needed it
when fixing all the lirc_zilog.c ref counting.

IF I got all the lirc_zilog ref counting right, and the upper layers of
the kernel never call close() in error, then this if() statement is not
needed.

I welcome anyone wishing to audit the ref-counting in lirc_zilog. It
was mentally exhausting to get to what I think is right. Maybe I just
tire easily mentally though. :)

-Andy
