lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 23 May 2018 14:42:26 +0100
From:   Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To:     Wei Yongjun <weiyongjun1@...wei.com>,
        Sagar Dharia <sdharia@...eaurora.org>
Cc:     alsa-devel@...a-project.org, linux-kernel@...r.kernel.org,
        kernel-janitors@...r.kernel.org
Subject: Re: [PATCH -next] slimbus: qcom: fix potential NULL dereference in
 qcom_slim_prg_slew()



On 22/05/18 12:46, Wei Yongjun wrote:
> platform_get_resource() may fail and return NULL, so we should
> better check it's return value to avoid a NULL pointer dereference
> a bit later in the code.
> 
> This is detected by Coccinelle semantic patch.
> 
> @@
> expression pdev, res, n, t, e, e1, e2;
> @@
> 
> res = platform_get_resource_byname(pdev, t, n);
> + if (!res)
> +   return -EINVAL;
> ... when != res == NULL
> e = devm_ioremap(e1, res->start, e2);
> 

> Fixes: ad7fcbc308b0 ("slimbus: qcom: Add Qualcomm Slimbus controller driver")
> Signed-off-by: Wei Yongjun <weiyongjun1@...wei.com>
> ---
>   drivers/slimbus/qcom-ctrl.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/slimbus/qcom-ctrl.c b/drivers/slimbus/qcom-ctrl.c
> index bb36a8f..caea3b9 100644
> --- a/drivers/slimbus/qcom-ctrl.c
> +++ b/drivers/slimbus/qcom-ctrl.c
> @@ -478,6 +478,8 @@ static void qcom_slim_prg_slew(struct platform_device *pdev,
>   		/* SLEW RATE register for this SLIMbus */
>   		slew_mem = platform_get_resource_byname(pdev, IORESOURCE_MEM,
>   				"slew");
> +		if (!slew_mem)
> +			return;

I think a better fix would be to do a devm_ioremap_resource() instead of 
  devm_ioremap, which already has this check. This will also be inline 
with other resource handled in this driver.

thanks,
srini
>   		ctrl->slew_reg = devm_ioremap(&pdev->dev, slew_mem->start,
>   				resource_size(slew_mem));
>   		if (!ctrl->slew_reg)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ