lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 25 Jul 2018 19:25:07 -0500
From:   "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To:     Stephen Boyd <sboyd@...nel.org>,
        Jiancheng Xue <xuejiancheng@...ilicon.com>,
        Michael Turquette <mturquette@...libre.com>
Cc:     linux-clk@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] reset: hisilicon: fix potential NULL pointer dereference

Hi Stephen,

On 07/25/2018 06:45 PM, Stephen Boyd wrote:
> Quoting Gustavo A. R. Silva (2018-07-18 18:58:45)
>> There is a potential execution path in which function
>> platform_get_resource() returns NULL. If this happens,
>> we will end up having a NULL pointer dereference.
>>
>> Fix this by adding asanity check in order to avoid a
>> NULL pointer dereference.
>>
>> This code was detected with the help of Coccinelle.
>>
>> Cc: stable@...r.kernel.org
>> Fixes: 97b7129cd2af ("reset: hisilicon: change the definition of hisi_reset_init")
>> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
>> ---
>>  drivers/clk/hisilicon/reset.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/clk/hisilicon/reset.c b/drivers/clk/hisilicon/reset.c
>> index 2a5015c..5dfb48b 100644
>> --- a/drivers/clk/hisilicon/reset.c
>> +++ b/drivers/clk/hisilicon/reset.c
>> @@ -109,6 +109,9 @@ struct hisi_reset_controller *hisi_reset_init(struct platform_device *pdev)
>>                 return NULL;
>>  
>>         res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
>> +       if (!res)
>> +               return NULL;
>> +
>>         rstc->membase = devm_ioremap(&pdev->dev,
>>                                 res->start, resource_size(res));
> 
> Why can't we use devm_ioremap_resource() here instead?
> 

You're right. I think we can perfectly use devm_ioremap_resource here and remove the null check.

I'll send patch for this shortly.

Thanks
--
Gustavo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ