lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20160410023421.GB27081@dvhart-mobl5.amr.corp.intel.com>
Date:	Sat, 9 Apr 2016 19:34:21 -0700
From:	Darren Hart <dvhart@...radead.org>
To:	"Rafael J. Wysocki" <rjw@...ysocki.net>
Cc:	Colin King <colin.king@...onical.com>,
	Sujith Thomas <sujith.thomas@...el.com>,
	platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] intel_menlow: set cdev after null device check to avoid
 null pointer dereference

On Tue, Mar 29, 2016 at 03:13:43PM +0200, Rafael Wysocki wrote:
> On Monday, March 28, 2016 11:18:05 AM Darren Hart wrote:
> > On Mon, Mar 28, 2016 at 05:18:39PM +0100, Colin King wrote:
> > > From: Colin Ian King <colin.king@...onical.com>
> > > 
> > > intel_menlow_memory_remove sanity checks to see if device is null, however,
> > > this check is performed after we have already passed device into a call
> > > to acpi_driver_data.  If device is null, then acpi_driver_data will produce
> > > a null pointer dereference on device. The correct action is to sanity check
> > > device, then assign cdev, then check if cdev is null.
> > > 
> > 
> > Hrm, looking at this locally, that all makes sense.
> > 
> > Taking a step back however, I notice that intel_menlow_memory_remove is an ops
> > function pointer inside the acpi_driver structure itself, which is called from
> > acpi_device_remove() (and probe) (drivers/acpi/bus.c). This already verifies
> > acpi_driver is not NULL and can't get acpi_driver if acpi_device is NULL. So
> > unless there is some other use case for this callback I'm unaware of (certainly
> > possible) it appears to be totally redundant to do this checking here.
> > 
> > +Rafael - is there a best practices for these acpi callbacks with respect to
> > input validation?
> 
> No best practices I'm aware of, but if the core does this checks anyway before
> calling this, they are clearly not necessary here.

My position as well.

Colin, would you care to respin these 2?

-- 
Darren Hart
Intel Open Source Technology Center

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ