| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Nov 2016 01:29:47 +0100
From: "Rafael J. Wysocki" <rjw@...ysocki.net>
To: Arnd Bergmann <arnd@...db.de>
Cc: Andy Henroid <andrew.d.henroid@...el.com>,
linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] intel_idle: avoid theoretical uninitialized data usage
On Monday, October 24, 2016 05:52:37 PM Arnd Bergmann wrote:
> When CONFIG_PCI is disabled, pci_read_config_byte() may not update
> its result, as indicated by this warning:
>
> drivers/idle/i7300_idle.c: In function ‘i7300_idle_notifier’:
> drivers/idle/i7300_idle.c:423:141: warning: ‘got_ctl’ may be used uninitialized in this function [-Wmaybe-uninitialized]
> drivers/idle/i7300_idle.c:415:5: note: ‘got_ctl’ was declared here
>
> We know the function is never called if CONFIG_PCI is not set, so
> this is harmless, but we can avoid the problem by checking the
> return value of the config space accessor before using the result.
>
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
> drivers/idle/i7300_idle.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/idle/i7300_idle.c b/drivers/idle/i7300_idle.c
> index ffeebc7e9f1c..9a104e558c77 100644
> --- a/drivers/idle/i7300_idle.c
> +++ b/drivers/idle/i7300_idle.c
> @@ -347,6 +347,7 @@ static int i7300_idle_thrt_save(void)
> {
> u32 new_mc_val;
> u8 gblactlm;
> + int ret;
>
> pci_read_config_byte(fbd_dev, DIMM_THRTCTL, &i7300_idle_thrtctl_saved);
> pci_read_config_byte(fbd_dev, DIMM_THRTLOW, &i7300_idle_thrtlow_saved);
> @@ -364,7 +365,9 @@ static int i7300_idle_thrt_save(void)
> * unlimited-activations while in open-loop throttling (i.e., when
> * Global Activation Throttle Limit is zero).
> */
> - pci_read_config_byte(fbd_dev, DIMM_GBLACT, &gblactlm);
> + ret = pci_read_config_byte(fbd_dev, DIMM_GBLACT, &gblactlm);
> + if (ret)
> + return ret;
> dprintk("thrtctl_saved = 0x%02x, thrtlow_saved = 0x%02x\n",
> i7300_idle_thrtctl_saved,
> i7300_idle_thrtlow_saved);
> @@ -413,14 +416,16 @@ static void i7300_idle_stop(void)
> {
> u8 new_ctl;
> u8 got_ctl;
> + int ret;
>
> new_ctl = i7300_idle_thrtctl_saved & ~DIMM_THRTCTL_THRMHUNT;
> pci_write_config_byte(fbd_dev, DIMM_THRTCTL, new_ctl);
>
> pci_write_config_byte(fbd_dev, DIMM_THRTLOW, i7300_idle_thrtlow_saved);
> pci_write_config_byte(fbd_dev, DIMM_THRTCTL, i7300_idle_thrtctl_saved);
> - pci_read_config_byte(fbd_dev, DIMM_THRTCTL, &got_ctl);
> - WARN_ON_ONCE(got_ctl != i7300_idle_thrtctl_saved);
> + ret = pci_read_config_byte(fbd_dev, DIMM_THRTCTL, &got_ctl);
> +
> + WARN_ON_ONCE(ret || (got_ctl != i7300_idle_thrtctl_saved));
> }
>
Applied (with a minor subject tweak).
Thanks,
Rafael
Powered by blists - more mailing lists