defect: fix code defects in public parts
authorJianxiong Pan <jianxiong.pan@amlogic.com>
Thu, 5 Jul 2018 09:17:02 +0000 (17:17 +0800)
committerYixun Lan <yixun.lan@amlogic.com>
Fri, 20 Jul 2018 09:58:58 +0000 (02:58 -0700)
PD#166793: code defects in public parts

crypto: handle a NULL return value from of_match_device
ddr_tool: fix the bad_shift and use_after_free defects
debug: prevent the number of cpus from exceeding the total
efuse: fix the buffer_size_warning defect
memory_ext: fix the divide_by_zero and overrun defects
unifykey: fix the buffer_size_warning defect, and add a variable
          for useless_call
wifi: handle a NULL return value from of_match_node, and avoid
   the string_overflow defect

Change-Id: I099ce7c60ddd0266d067215108f0e2baeb31c234
Signed-off-by: Jianxiong Pan <jianxiong.pan@amlogic.com>
drivers/amlogic/bluetooth/bt_device.c
drivers/amlogic/crypto/aml-dma.c
drivers/amlogic/ddr_tool/ddr_band_op_gxl.c
drivers/amlogic/ddr_tool/ddr_bandwidth.c
drivers/amlogic/efuse/efuse64.c
drivers/amlogic/memory_ext/page_trace.c
drivers/amlogic/unifykey/storagekey.c
drivers/amlogic/unifykey/unifykey.c
drivers/amlogic/wifi/wifi_dt.c

index 82745e757bdbdf52e5891ac53afbb4f6564411ca..594a14b9959850fa473758c34e501092abac7279 100644 (file)
@@ -272,8 +272,11 @@ static int bt_probe(struct platform_device *pdev)
                if (ret)
                        pdata->power_down_disable = 0;
                pr_info("dis power down = %d;\n", pdata->power_down_disable);
-       } else {
+       } else if (pdev) {
                pdata = (struct bt_dev_data *)(pdev->dev.platform_data);
+       } else {
+               ret = -ENOENT;
+               goto err_res;
        }
 #else
        pdata = (struct bt_dev_data *)(pdev->dev.platform_data);
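Review bot: The new `else if (pdev)` guard covers only this one branch: the `#else` path on the last line of the hunk still reads `pdev->dev.platform_data` unchecked, and the `if` branch above it, which starts outside the hunk, may already have used `pdev`. A platform probe is not normally called with a NULL device, so the value more likely to be NULL is the result; consider `if (!pdata) { ret = -ENOENT; goto err_res; }` once `pdata` has been assigned. bt_probe starts and ends outside this hunk.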
@@ -324,6 +327,7 @@ err_rfkill:
        rfkill_destroy(bt_rfk);
 err_rfk_alloc:
        bt_device_deinit(pdata);
+err_res:
        return ret;
 
 }
index 12f5b3ea43a53d3a521476bbfc9972e780718fbc..9e74d0f24594d9d53811ca7c6f90aaf58f115ca7 100644 (file)
@@ -96,6 +96,8 @@ static int aml_dma_probe(struct platform_device *pdev)
        }
 
        match = of_match_device(aml_dma_dt_match, &pdev->dev);
+       if (!match)
+               goto dma_err;
        priv_data = match->data;
        dma_dd->thread = priv_data->thread;
        dma_dd->status = priv_data->status;
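Review bot: The added `if (!match) goto dma_err;` sets no error code, and what the `dma_err` path returns is not visible in this hunk. If the return variable still holds 0 from an earlier successful call, the probe would report success with `dma_dd` only partly initialised. Assign the code before the jump, e.g. `<ret-var> = -ENODEV;`, where `<ret-var>` is whichever variable `dma_err` returns. aml_dma_probe continues outside the hunk.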
index 6796f05897bb32dc6ea2077dd7254ff8b4d1df55..c03b7b544205e02200ed20c472c8c3403dc5b1c2 100644 (file)
@@ -31,6 +31,9 @@
 #include <linux/io.h>
 #include <linux/slab.h>
 
+#undef pr_fmt
+#define pr_fmt(fmt) "ddr_tool: " fmt
+
 static void gxl_dmc_port_config(struct ddr_bandwidth *db, int channel, int port)
 {
        unsigned int val;
@@ -42,12 +45,15 @@ static void gxl_dmc_port_config(struct ddr_bandwidth *db, int channel, int port)
                subport = port - PORT_MAJOR;
 
        val = readl(db->ddr_reg + port_reg[channel]);
-       if (subport < 0) {
+       if (port < 16) {
                val &= ~(0xffff << 16);
                val |= ((1 << (16 + port)) | 0xffff);
-       } else {
+       } else if (subport > 0) {
                val &= ~(0xffffffff);
                val |= (1 << 23) | (1 << subport);
+       } else {
+               pr_err("port config fail, %s: %d\n", __func__, __LINE__);
+               return;
        }
        writel(val, db->ddr_reg + port_reg[channel]);
 }
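Review bot: The `else if (subport > 0)` test now rejects `subport == 0`, which the old `else` branch accepted and which `port - PORT_MAJOR` yields for `port == PORT_MAJOR`; unless that port is meant to be refused, the test should be `subport >= 0`. The bad-shift finding is only partly closed: a negative `port` still passes `port < 16`, `1 << (16 + port)` with `port == 15` shifts into the sign bit of a signed int, and `1 << subport` has no upper bound. Unsigned constants and explicit ranges would cover it, e.g. `if (port >= 0 && port < 16)` with `1U << (16 + port)`, and `else if (subport >= 0 && subport < 32)` with `1U << subport` (the exact upper limit depends on the register layout). `channel` indexes `port_reg[]` with no range check visible here; the start of the function is outside the hunk.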
index 002c6fa92cb126e4cee7ddc096fefb7b3edb59ef..b161f376b7e2878bf8d5d0902312efa90a90e966 100644 (file)
@@ -357,9 +357,9 @@ static int ddr_bandwidth_remove(struct platform_device *pdev)
                class_destroy(&aml_ddr_class);
                free_irq(aml_db->irq_num, aml_db);
                kfree(aml_db->port_desc);
-               kfree(aml_db);
                iounmap(aml_db->ddr_reg);
                iounmap(aml_db->pll_reg);
+               kfree(aml_db);
                aml_db = NULL;
        }
 
index f1a5c7a4cd30a69db3d1d82fd3d453a31297b5cf..2aa02ff651418ba9b00ca8ef38e5db590bd00e9d 100644 (file)
@@ -610,6 +610,7 @@ int get_efusekey_info(struct device_node *np)
        char *propname;
        const char *uname;
        int ret;
+       int size;
 
        phandle = of_get_property(np, "key", NULL);
        if (!phandle) {
@@ -658,9 +659,9 @@ int get_efusekey_info(struct device_node *np)
                        pr_err("please config keyname item\n");
                        goto err;
                }
+               size = sizeof(efusekey_infos[index].keyname) - 1;
                strncpy(efusekey_infos[index].keyname, uname,
-                       strlen(uname) > sizeof(efusekey_infos[index].keyname) ?
-                       sizeof(efusekey_infos[index].keyname):strlen(uname));
+                       strlen(uname) > size ? size:strlen(uname));
                ret = of_property_read_u32(np_key, "offset",
                        &(efusekey_infos[index].offset));
                if (ret) {
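Review bot: `strncpy()` with a count of at most `strlen(uname)` never copies the terminating NUL, so `keyname` ends up terminated only if `efusekey_infos[index]` was zeroed beforehand, which this hunk does not show. A bounded copy that always terminates removes that dependency and the extra `size` variable: `strlcpy(efusekey_infos[index].keyname, uname, sizeof(efusekey_infos[index].keyname));`. As written, `strlen(uname) > size` also compares a `size_t` with an `int`. get_efusekey_info continues outside the hunk.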
index 2f4e2bc060afcebb65ef305eb86821e805724648..1b873e557998ab948b3d2fa09120e83dfba2acc3 100644 (file)
@@ -381,7 +381,7 @@ static void __init find_static_common_symbol(void)
        for (i = 0; i < COMMON_CALLER_SIZE; i++) {
                s = &common_func[i];
                if (!s->name)
-                       break;  /* end */
+                       break;  /* end */
                if (s->full_match) {
                        addr = kallsyms_contain_name(s->name, 1, NULL);
                        if (addr)
@@ -557,7 +557,6 @@ unsigned int pack_ip(unsigned long ip, int order, gfp_t flag)
        }
 
        trace.ret_ip = (ip - text) >> 2;
-       WARN_ON(trace.ret_ip > IP_RANGE_MASK);
 #ifdef CONFIG_AMLOGIC_CMA
        if (flag == __GFP_BDEV)
                trace.migrate_type = MIGRATE_CMA;
index 831485f91ce1b6876f4770a25365e95ccecf1f76..7827b0ca055f27bae62f7a190c6a658aeeb768f5 100644 (file)
@@ -402,7 +402,9 @@ ssize_t amlkey_write(const uint8_t *name,
                retval = (ssize_t)len;
                /* write down! */
                if (storagekey_info.buffer != NULL) {
-                       buf = kzalloc(storagekey_info.size, GFP_KERNEL);
+                       buf = kmalloc(storagekey_info.size, GFP_KERNEL);
+                       if (!buf)
+                               return -ENOMEM;
                        memcpy(buf, storagekey_info.buffer,
                                        storagekey_info.size);
                        if (store_key_write)
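Review bot: The direct `return -ENOMEM;` leaves amlkey_write from the middle of its body, while the context line above sets `retval` for a later common return. If a lock is held or other state is released on that exit path (not visible here), the early return skips it; prefer `retval = -ENOMEM;` and leave through the function's existing exit. Dropping the zeroing is fine because `memcpy()` overwrites the whole buffer. `buf` holds a copy of the key storage buffer, though, so it should be wiped before it is freed, e.g. `memzero_explicit(buf, storagekey_info.size);`, wherever that free happens outside the hunk.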
index 0f602b2edf8fef1cb6d586c18dcc66711f95f7cc..f98ccc9d5a1b1ae8fd154c878ce379be9a761fea 100644 (file)
@@ -275,7 +275,9 @@ static int key_storage_query(char *keyname, unsigned int *keystate)
 static int key_efuse_init(struct key_info_t *uk_info,
        char *buf, unsigned int len)
 {
-       unifykey_get_efuse_version(uk_info);
+       char var = 0;
+
+       var = unifykey_get_efuse_version(uk_info);
 
        return 0;
 }
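Review bot: Assigning the result to `var` silences the unchecked-return finding without acting on it: `var` is written and never read, and key_efuse_init still returns 0 whatever `unifykey_get_efuse_version()` reports. If that call can fail, propagate the failure, e.g. `if (unifykey_get_efuse_version(uk_info) < 0) return -EINVAL;` (its return convention is not visible in this hunk and needs confirming). If the result is deliberately ignored, say so in a comment rather than adding a dead variable, which compilers will report as set but unused.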
@@ -812,7 +814,6 @@ static long unifykey_unlocked_ioctl(struct file *file,
                        char *keyname;
                        int ret;
 
-
                        key_item_info = kmalloc(sizeof(struct key_item_info_t),
                                GFP_KERNEL);
                        if (!key_item_info)
@@ -825,6 +826,7 @@ static long unifykey_unlocked_ioctl(struct file *file,
                                kfree(key_item_info);
                                return ret;
                        }
+                       key_item_info->name[KEY_UNIFY_NAME_LEN - 1] = '\0';
                        index = key_item_info->id;
                        keyname = key_item_info->name;
                        if (strlen(keyname) > KEY_UNIFY_NAME_LEN - 1) {
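Review bot: Forcing `name[KEY_UNIFY_NAME_LEN - 1] = '\0'` makes the `strlen(keyname) > KEY_UNIFY_NAME_LEN - 1` test on the last line of the hunk unreachable, so an unterminated name (presumably copied in from user space just above the hunk) is now silently truncated instead of rejected. If rejection is the intended behaviour, test the raw buffer before terminating it: `if (strnlen(key_item_info->name, KEY_UNIFY_NAME_LEN) == KEY_UNIFY_NAME_LEN)`, then free `key_item_info` and return `-EINVAL`. `index` is taken from the caller-supplied `id`; its range check, if any, is outside the hunk.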
@@ -860,7 +862,8 @@ static long unifykey_unlocked_ioctl(struct file *file,
                        key_item_info->flag = keystate;
                        key_item_info->id = kkey->id;
                        strncpy(key_item_info->name,
-                                       kkey->name, KEY_UNIFY_NAME_LEN);
+                                       kkey->name, (KEY_UNIFY_NAME_LEN - 1));
+                       key_item_info->name[KEY_UNIFY_NAME_LEN - 1] = '\0';
                        ret = key_unify_size(ukdev, kkey->name, &reallen);
                        if (ret < 0) {
                                pr_err("%s() %d, get size fail\n",
index 304f491db272b31842f5e85ffc92b375df832158..8a3219bb6e75d4c3b1f823c8a615fa5061de3cb4 100644 (file)
@@ -125,6 +125,8 @@ static struct wifi_plat_info *wifi_get_driver_data
        const struct of_device_id *match;
 
        match = of_match_node(wifi_match, pdev->dev.of_node);
+       if (!match)
+               return NULL;
        return (struct wifi_plat_info *)match->data;
 }
 #else
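Review bot: Returning NULL here only moves the NULL dereference to the callers unless each of them checks the result. None of the call sites is in this hunk, so that needs verifying. A short comment on the function, such as `/* Returns NULL when the device node matches no entry in wifi_match. */`, would make the new contract visible.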
@@ -338,7 +340,12 @@ static long wifi_power_ioctl(struct file *filp,
                WIFI_INFO("ioctl Set sdio wifi power down!\n");
                break;
        case SDIO_GET_DEV_TYPE:
-               memcpy(dev_type, get_wifi_inf(), strlen(get_wifi_inf()));
+               if (strlen(get_wifi_inf()) >= sizeof(dev_type))
+                       memcpy(dev_type, get_wifi_inf(),
+                               (sizeof(dev_type) - 1));
+               else
+                       memcpy(dev_type, get_wifi_inf(),
+                               strlen(get_wifi_inf()));
                WIFI_INFO("wifi interface dev type: %s, length = %d\n",
                                dev_type, (int)strlen(dev_type));
                if (copy_to_user((char __user *)arg,
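Review bot: Both `memcpy()` branches copy at most `strlen()` bytes and so never write a terminating NUL, yet `dev_type` is then read with `%s` and `strlen()` and passed to `copy_to_user()`. Unless `dev_type` is zero-initialised at its declaration (outside the hunk), those reads can run past the copied bytes and uninitialised bytes may reach user space. `get_wifi_inf()` is also called up to three times and its result is never checked for NULL. A single bounded, terminating copy handles all of this: `const char *inf = get_wifi_inf();` followed by `if (inf) strlcpy(dev_type, inf, sizeof(dev_type));`, with the ioctl failing when `inf` is NULL.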