| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Apr 2012 14:08:17 +0200 From: Daniel Lezcano <daniel.lezcano@...aro.org> To: "Srivatsa S. Bhat" <srivatsa.bhat@...ux.vnet.ibm.com> CC: lenb@...nel.org, khilman@...com, deepthi@...ux.vnet.ibm.com, g.trinabh@...il.com, arjan@...radead.org, linux-kernel@...r.kernel.org, linux-pm@...r.kernel.org, amit.kucheria@...aro.org Subject: Re: [PATCH] cpuidle: Avoid possible NULL pointer dereference in __cpuidle_register_device() On 04/03/2012 01:51 PM, Srivatsa S. Bhat wrote: > On 04/03/2012 01:01 AM, Daniel Lezcano wrote: > >> On 04/02/2012 04:44 PM, Srivatsa S. Bhat wrote: >>> In __cpuidle_register_device(), "dev->cpu" is used before checking if >>> dev is >>> non-NULL. Fix it. >>> >>> Signed-off-by: Srivatsa S. Bhat<srivatsa.bhat@...ux.vnet.ibm.com> >>> --- >> >> That should be fixed at the caller level. Usually, static function does >> not check the function parameters, it is up to the exported function to >> do that. It is supposed the static functions are called with valid >> parameters. >> > > > Ok, good point! I hadn't thought about that.. I just happened to notice > that in __cpuidle_register_device(), the dev == NULL check is performed > _after_ dereferencing it, which made the check useless. So I tried to > fix that within that function. But thanks for pointing out the semantics.. > >> There are two callers for __cpuidle_register_device: >> * cpuidle_register_device >> * cpuidle_enable_device >> >> Both of them do not check 'dev' is a valid parameter. They should as >> they are exported and could be used by an external module. IMHO, BUG_ON >> could be used here if dev == NULL. >> > > > BUG_ON? That would crash the system.. which might be unnecessary.. Mmh, yes, I agree. never mind. > How about checking if dev == NULL in the 2 callers like you suggested > and returning -EINVAL if dev is indeed NULL? > (And of course no checks for dev == NULL in __cpuidle_register_device). Ok for me. > Thank you for the review! You are welcome :) Thanks -- Daniel -- <http://www.linaro.org/> Linaro.org │ Open source software for ARM SoCs Follow Linaro: <http://www.facebook.com/pages/Linaro> Facebook | <http://twitter.com/#!/linaroorg> Twitter | <http://www.linaro.org/linaro-blog/> Blog -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists