lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 8 Nov 2017 09:41:25 -0500
From:   William Breathitt Gray <vilhelm.gray@...il.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Fengguang Wu <fengguang.wu@...el.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [isa_bus_shutdown] ALSA es1688_lib.c:113 ess_reset at 0x220:
 failed!!!

On Tue, Nov 07, 2017 at 09:03:48AM -0800, Linus Torvalds wrote:
>On Tue, Nov 7, 2017 at 2:25 AM, Fengguang Wu <fengguang.wu@...el.com> wrote:
>>
>> FYI this happens in v4.14-rc8 -- it's not necessarily a new bug.
>
>Yeah, no it is not new.
>
>It also likely doesn't matter (I suspect it happens if you try to
>force-load crazy modules that don't exist, and ISA doesn't have proper
>probing).
>
>But the code disassembles to
>
>   0: 8b 50 7c              mov    0x7c(%eax),%edx
>   3: 83 05 38 86 21 44 01 addl   $0x1,X
>   a:* 8b 4a 0c              mov    0xc(%edx),%ecx <-- trapping instruction
>   d: 83 15 3c 86 21 44 00 adcl   $0x0,X+4
>  14: 85 c9                test   %ecx,%ecx
>
>and while I have no idea what that odd addl/adcl is (other than the
>obvious "it's a 64-bit increment" - probably some random statistics
>due to your config), it looks like the oops is due to
>
>        struct isa_driver *isa_driver = dev->platform_data;
>
>        if (isa_driver->shutdown)
>
>with isa_driver being NULL (EDX: 00000000).
>
>So dev->platform_data is NULL, but why that actually happens I don't
>know. Some bad ISA device registration that _should_ have failed but
>instead got into some half-alive state, I'm sure.
>
>I'm not sure if anybody cares, but maybe adding a NULL check just to
>make the 0day robot not report this is a good idea.
>
>              Linus

I suspect platform_data is being set to NULL when a device match
fails (via the snd_es1688_match callback) in the isa_bus_match function.
The NULL pointer dereference then subsequently occurs in
isa_bus_shutdown since the platform_data member has been reset to
indicate an unsupported device.

The most straight-forward solution is as mentioned: perform a NULL check
to ensure we're actually working with a valid ISA device before blindly
poking it. I'll submit a simple patch then that should placate this
error.

William Breathitt Gray

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ