lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 27 Aug 2015 07:49:25 +0200
From:	Markus Pargmann <mpa@...gutronix.de>
To:	Mark Brown <broonie@...nel.org>
Cc:	Henry Chen <henryc.chen@...iatek.com>,
	linux-kernel@...r.kernel.org, linux-mediatek@...ts.infradead.org,
	Sascha Hauer <kernel@...gutronix.de>,
	Matthias Brugger <matthias.bgg@...il.com>,
	eddie.huang@...iatek.com, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] regmap: Fix the null function of format_val on
 regmap_bulk_read.

On Wed, Aug 26, 2015 at 06:38:12PM +0100, Mark Brown wrote:
> On Wed, Aug 26, 2015 at 03:22:46PM +0200, Markus Pargmann wrote:
> > On Wed, Aug 26, 2015 at 01:35:56PM +0100, Mark Brown wrote:
> > > On Wed, Aug 26, 2015 at 07:43:16PM +0800, Henry Chen wrote:
> 
> > > Why are these format functions sensible?  Converting a null pointer
> > > dereference into data corruption wouldn't be ideal.  The commit message
> > > should really cover this.
> 
> > The regmap_bulk_read() function worked before the following patch:
> > 	15b8d2c41fe5 (regmap: Fix regmap_bulk_read in BE mode)
> 
> Define "worked" here.

"worked" means here that it did not run into a null pointer and returned
something that the user expected. I am not sure if someone actually
complained about the previous use of memcpy? I also don't know how the
behavior of regmap_bulk_read with reg_read() is defined.

Best Regards,

Markus

> 
> > As far as I can see this patch fixes this issue by using simple format
> > functions. Before the above mentioned patch, the code used memcpy. Now
> > regmap_format_*_native is used which should result in the same behaviour
> > but fixes the null pointer.
> 
> Again, this sort of analysis needs to be in the commit message (and
> really ought to explain why the resulting API makes sense).
> 
> > I am not sure if there are other locations in the code where format_val
> > is used in this setup so I don't know if this would change behavior in a
> > different codepath.
> 
> Which is another part of the concern, being able to format values is a
> more general concept.



-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ