Re: [PATCH V2 2/2] thermal/of: accessing potential uninitialized value
From: Rafael J. Wysocki
Date: Tue Aug 22 2023 - 15:23:55 EST
On Mon, Jul 24, 2023 at 9:12 AM Peng Fan (OSS) <peng.fan@xxxxxxxxxxx> wrote:
>
> From: Peng Fan <peng.fan@xxxxxxx>
>
> If of_parse_phandle_with_args returns failure, the cooling_spec.np is
> uninitialized. So move of_node_put below the return value check to avoid
> accessing uninitialized value.
>
> Addresses-Coverity: 25772185 ("Uninitialized pointer read")
> Addresses-Coverity: 25772845 ("Uninitialized pointer read")
> Fixes: 3fd6d6e2b4e8 ("thermal/of: Rework the thermal device tree initialization")
> Signed-off-by: Peng Fan <peng.fan@xxxxxxx>
> ---
> drivers/thermal/thermal_of.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c
> index 330690a3a208..4ca905723429 100644
> --- a/drivers/thermal/thermal_of.c
> +++ b/drivers/thermal/thermal_of.c
> @@ -291,13 +291,13 @@ static int __thermal_of_unbind(struct device_node *map_np, int index, int trip_i
> ret = of_parse_phandle_with_args(map_np, "cooling-device", "#cooling-cells",
> index, &cooling_spec);
>
> - of_node_put(cooling_spec.np);
> -
> if (ret < 0) {
> pr_err("Invalid cooling-device entry\n");
> return ret;
> }
>
> + of_node_put(cooling_spec.np);
> +
> if (cooling_spec.args_count < 2) {
> pr_err("wrong reference to cooling device, missing limits\n");
> return -EINVAL;
> @@ -324,13 +324,13 @@ static int __thermal_of_bind(struct device_node *map_np, int index, int trip_id,
> ret = of_parse_phandle_with_args(map_np, "cooling-device", "#cooling-cells",
> index, &cooling_spec);
>
> - of_node_put(cooling_spec.np);
> -
> if (ret < 0) {
> pr_err("Invalid cooling-device entry\n");
> return ret;
> }
>
> + of_node_put(cooling_spec.np);
> +
> if (cooling_spec.args_count < 2) {
> pr_err("wrong reference to cooling device, missing limits\n");
> return -EINVAL;
> --
Applied (with some edits in the subject and changelog) as 6.6 material, thanks!