| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+55aFyYFhkupwb0tVLCDWQs9H1DX0kXZZkCwax_xUOUMfDgxA@mail.gmail.com>
Date: Wed, 8 Jul 2015 10:29:45 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Shuah Khan <shuahkhan@...il.com>,
Ming Lei <ming.lei@...onical.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Shuah Khan <shuahkh@....samsung.com>
Subject: Re: Linux 4.2-rc1
On Wed, Jul 8, 2015 at 10:17 AM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> Decoding the "Code:" line shows that this is the "->fw_id" dereference in
>
> if (add_uevent_var(env, "FIRMWARE=%s", fw_priv->buf->fw_id))
> return -ENOMEM;
>
> and that "fw_priv->buf" pointer is NULL.
>
> However, I don't see anything that looks like it should have changed
> any of this since 4.1.
Looking at the otehr uses of "fw_priv->buf", they all check that
pointer for NULL. I see code like
fw_buf = fw_priv->buf;
if (!fw_buf)
goto out;
etc.
Also, it looks like you need to hold the "fw_lock" to even look at
that pointer, since the buffer can get reallocated etc.
So that uevent code really looks buggy. It just doesn't look like a
*new* bug to me. That code looks old, going back to 2012 and commit
1244691c73b2.
Ming Lei?
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists