lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <yw1x8sz31wqw.fsf@mansr.com>
Date:   Tue, 29 Jan 2019 12:20:07 +0000
From:   Måns Rullgård <mans@...sr.com>
To:     Marc Zyngier <marc.zyngier@....com>
Cc:     YueHaibing <yuehaibing@...wei.com>, <tglx@...utronix.de>,
        <jason@...edaemon.net>, <marc.w.gonzalez@...e.fr>,
        <linux-kernel@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH -next] irqchip/tango: Fix potential NULL pointer dereference

Marc Zyngier <marc.zyngier@....com> writes:

> On Tue, 29 Jan 2019 08:01:22 +0000,
> YueHaibing <yuehaibing@...wei.com> wrote:
>> 
>> There is a potential NULL pointer dereference in case kzalloc()
>> fails and returns NULL.
>> 
>> Fixes: 4bba66899ac6 ("irqchip/tango: Add support for Sigma Designs SMP86xx/SMP87xx interrupt controller")
>> Signed-off-by: YueHaibing <yuehaibing@...wei.com>
>> ---
>>  drivers/irqchip/irq-tango.c | 2 ++
>>  1 file changed, 2 insertions(+)
>> 
>> diff --git a/drivers/irqchip/irq-tango.c b/drivers/irqchip/irq-tango.c
>> index ae28d86..a63b828 100644
>> --- a/drivers/irqchip/irq-tango.c
>> +++ b/drivers/irqchip/irq-tango.c
>> @@ -191,6 +191,8 @@ static int __init tangox_irq_init(void __iomem *base, struct resource *baseres,
>>  		panic("%pOFn: failed to get address", node);
>>  
>>  	chip = kzalloc(sizeof(*chip), GFP_KERNEL);
>> +	if (!chip)
>> +		return -ENOMEM;
>>  	chip->ctl = res.start - baseres->start;
>>  	chip->base = base;
>>  
>
> This is a commendable effort, but given that the whole error handling
> of this driver is just to simply panic, I have the ugly feeling that
> this lack of check is more a feature than a bug... Not that I like it,
> but at least it is consistent.

That seemed to be the norm for irqchip drivers when I wrote this one,
and a fair number of them still panic on errors during init.  There's
really not much else that can sanely be done since nothing will work
without irq handling.

As for the error return added by this patch, nothing checks it, so a
failure would merely result in the irqchip being silently skipped and
nothing working.  Propagating the error back to of_irq_init() also has
no effect, not even a warning.  Besides, kzalloc() is extremely unlikely
to fail at this stage, and if it does, you have much bigger problems.

-- 
Måns Rullgård

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ