Mailing List Archive

[PATCH next] tpm: Fix a possible dereference of ERR_PTR in tpm_init()
Smatch reports:
drivers/char/tpm/tpm-interface.c:470 tpm_init() error:
'tpm_class' dereferencing possible ERR_PTR()

If class_create() returns error pointer, we are dereferencing a possible
error pointer. Fix this by moving the dereference post error handling.

Fixes: a010eb881243 ("tpm: fix up the tpm_class shutdown_pre pointer when created")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
---
This is based on static analysis, only compile tested.
---
drivers/char/tpm/tpm-interface.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 43e23a04433a..4463d0018290 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -467,12 +467,13 @@ static int __init tpm_init(void)
int rc;

tpm_class = class_create("tpm");
- tpm_class->shutdown_pre = tpm_class_shutdown;
if (IS_ERR(tpm_class)) {
pr_err("couldn't create tpm class\n");
return PTR_ERR(tpm_class);
}

+ tpm_class->shutdown_pre = tpm_class_shutdown;
+
tpmrm_class = class_create("tpmrm");
if (IS_ERR(tpmrm_class)) {
pr_err("couldn't create tpmrm class\n");
--
2.38.1
Re: [PATCH next] tpm: Fix a possible dereference of ERR_PTR in tpm_init() [ In reply to ]
On Mon, Mar 20, 2023 at 11:14:15PM -0700, Harshit Mogalapalli wrote:
> Smatch reports:
> drivers/char/tpm/tpm-interface.c:470 tpm_init() error:
> 'tpm_class' dereferencing possible ERR_PTR()
>
> If class_create() returns error pointer, we are dereferencing a possible
> error pointer. Fix this by moving the dereference post error handling.
>
> Fixes: a010eb881243 ("tpm: fix up the tpm_class shutdown_pre pointer when created")
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
> ---
> This is based on static analysis, only compile tested.

Thanks for this, good catch, I've queued it up in my tree now as I have
the offending change that caused this.

greg k-h
Re: [PATCH next] tpm: Fix a possible dereference of ERR_PTR in tpm_init() [ In reply to ]
On Mon, Mar 20, 2023 at 11:14:15PM -0700, Harshit Mogalapalli wrote:
> Smatch reports:
> drivers/char/tpm/tpm-interface.c:470 tpm_init() error:
> 'tpm_class' dereferencing possible ERR_PTR()
>
> If class_create() returns error pointer, we are dereferencing a possible
> error pointer. Fix this by moving the dereference post error handling.
>
> Fixes: a010eb881243 ("tpm: fix up the tpm_class shutdown_pre pointer when created")
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
> ---
> This is based on static analysis, only compile tested.
> ---
> drivers/char/tpm/tpm-interface.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index 43e23a04433a..4463d0018290 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -467,12 +467,13 @@ static int __init tpm_init(void)
> int rc;
>
> tpm_class = class_create("tpm");
> - tpm_class->shutdown_pre = tpm_class_shutdown;
> if (IS_ERR(tpm_class)) {
> pr_err("couldn't create tpm class\n");
> return PTR_ERR(tpm_class);
> }
>
> + tpm_class->shutdown_pre = tpm_class_shutdown;
> +
> tpmrm_class = class_create("tpmrm");
> if (IS_ERR(tpmrm_class)) {
> pr_err("couldn't create tpmrm class\n");
> --
> 2.38.1
>


Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko
Re: [PATCH next] tpm: Fix a possible dereference of ERR_PTR in tpm_init() [ In reply to ]
On Tue, Mar 21, 2023 at 09:01:08AM +0100, Greg Kroah-Hartman wrote:
> On Mon, Mar 20, 2023 at 11:14:15PM -0700, Harshit Mogalapalli wrote:
> > Smatch reports:
> > drivers/char/tpm/tpm-interface.c:470 tpm_init() error:
> > 'tpm_class' dereferencing possible ERR_PTR()
> >
> > If class_create() returns error pointer, we are dereferencing a possible
> > error pointer. Fix this by moving the dereference post error handling.
> >
> > Fixes: a010eb881243 ("tpm: fix up the tpm_class shutdown_pre pointer when created")
> > Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
> > ---
> > This is based on static analysis, only compile tested.
>
> Thanks for this, good catch, I've queued it up in my tree now as I have
> the offending change that caused this.

OK, thank you!

BR, Jarkko