| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 24 Mar 2019 11:47:03 -0500
From: Aditya Pakki <pakki001@....edu>
To: Jens Axboe <axboe@...nel.dk>
Cc: kjlu@....edu, linux-ide@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ata: dwc_460ex: Avoid potential NULL pointer dereference
On 3/24/19 11:28 AM, Jens Axboe wrote:
> On 3/4/19 4:08 PM, Aditya Pakki wrote:
>> dma_async_tx_descriptor can contain a NULL variable and using
>> it in dmaengine_submit without checking can crash the process.
>> This patch avoids such a scenario.
>>
>> Signed-off-by: Aditya Pakki <pakki001@....edu>
>> ---
>> drivers/ata/sata_dwc_460ex.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/ata/sata_dwc_460ex.c b/drivers/ata/sata_dwc_460ex.c
>> index 6f142aa54f5f..44a0d7a1ef54 100644
>> --- a/drivers/ata/sata_dwc_460ex.c
>> +++ b/drivers/ata/sata_dwc_460ex.c
>> @@ -1052,8 +1052,10 @@ static void sata_dwc_bmdma_start_by_tag(struct ata_queued_cmd *qc, u8 tag)
>> SATA_DWC_DMACR_RXCHEN);
>>
>> /* Enable AHB DMA transfer on the specified channel */
>> - dmaengine_submit(desc);
>> - dma_async_issue_pending(hsdevp->chan);
>> + if (desc) {
>> + dmaengine_submit(desc);
>> + dma_async_issue_pending(hsdevp->chan);
>> + }
>> }
>> }
>
> Hmm, if desc == NULL, is that an error condition?
>
Jens,
In dmaengine_submit, the desc variable is dereferenced without a check for NULL.
Powered by blists - more mailing lists