lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <53103399.5070202@metafoo.de>
Date:	Fri, 28 Feb 2014 07:58:33 +0100
From:	Lars-Peter Clausen <lars@...afoo.de>
To:	Xiubo Li <Li.Xiubo@...escale.com>
CC:	broonie@...nel.org, lgirdwood@...il.com, tiwai@...e.de,
	alsa-devel@...a-project.org, linux-kernel@...r.kernel.org
Subject: Re: [alsa-devel] [PATCH] ASoC: cache: Do the codec->reg_cache zero
 pionter check

On 02/28/2014 03:48 AM, Xiubo Li wrote:
> For the snd_soc_cache_init(), the reg_size maybe zero and then the value
> of codec->reg_cache, which is alloced via kzalloc, maybe equal to
> ZERO_SIZE_PTR. If the reg parameter of snd_soc_cache_write() is large enough,
> the cache[idx] = val maybe cause the kernel crash...
>

There are actually no users of snd_soc_cache_{read,write}() left. Since all 
drivers using snd_soc_set_cache_io() are now using native regmap the path in 
hw_{read,write} that does call snd_soc_cache_{read,write}() is never hit.

If you want to avoid this theoretical issue just remove the functions.

> So this patch fix this via doing the zero pionter check of it.
>
> Signed-off-by: Xiubo Li <Li.Xiubo@...escale.com>
> ---
>   sound/soc/soc-cache.c | 13 +++++++------
>   1 file changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/sound/soc/soc-cache.c b/sound/soc/soc-cache.c
> index 375dc6d..bfed3e4 100644
> --- a/sound/soc/soc-cache.c
> +++ b/sound/soc/soc-cache.c
> @@ -96,8 +96,7 @@ int snd_soc_cache_exit(struct snd_soc_codec *codec)
>   {
>   	dev_dbg(codec->dev, "ASoC: Destroying cache for %s codec\n",
>   			codec->name);
> -	if (!codec->reg_cache)
> -		return 0;
> +
>   	kfree(codec->reg_cache);
>   	codec->reg_cache = NULL;
>   	return 0;
> @@ -117,8 +116,9 @@ int snd_soc_cache_read(struct snd_soc_codec *codec,
>   		return -EINVAL;
>
>   	mutex_lock(&codec->cache_rw_mutex);
> -	*value = snd_soc_get_cache_val(codec->reg_cache, reg,
> -				       codec->driver->reg_word_size);
> +	if (!ZERO_OR_NULL_PTR(codec->reg_cache))
> +		*value = snd_soc_get_cache_val(codec->reg_cache, reg,
> +					       codec->driver->reg_word_size);
>   	mutex_unlock(&codec->cache_rw_mutex);
>
>   	return 0;
> @@ -136,8 +136,9 @@ int snd_soc_cache_write(struct snd_soc_codec *codec,
>   			unsigned int reg, unsigned int value)
>   {
>   	mutex_lock(&codec->cache_rw_mutex);
> -	snd_soc_set_cache_val(codec->reg_cache, reg, value,
> -			      codec->driver->reg_word_size);
> +	if (!ZERO_OR_NULL_PTR(codec->reg_cache))
> +		snd_soc_set_cache_val(codec->reg_cache, reg, value,
> +				      codec->driver->reg_word_size);
>   	mutex_unlock(&codec->cache_rw_mutex);
>
>   	return 0;
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ