lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 26 Mar 2019 13:01:10 +0000
From:   Robin Murphy <robin.murphy@....com>
To:     Aditya Pakki <pakki001@....edu>
Cc:     Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
        linux-pci@...r.kernel.org, kjlu@....edu,
        Michal Simek <michal.simek@...inx.com>,
        linux-kernel@...r.kernel.org, Bjorn Helgaas <bhelgaas@...gle.com>,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v2] pci: pcie-xilinx: fix a missing-check bug for
 __get_free_pages

On 23/03/2019 21:04, Aditya Pakki wrote:
> In case __get_free_pages fail, the fix returns error upstream
> to avoid NULL pointer dereference.

Where does msi_pages ever get dereferenced?

The logic here might actually still have a chance of working out OK with 
NULL depending on how the memory maps line up, but even if it doesn't, 
the problem is certainly not one of dereferencing.

Robin.

> Signed-off-by: Aditya Pakki <pakki001@....edu>
> 
> ---
> v1: Return error upstream as suggested by Steven
> ---
>   drivers/pci/controller/pcie-xilinx.c | 11 +++++++++--
>   1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/pci/controller/pcie-xilinx.c b/drivers/pci/controller/pcie-xilinx.c
> index 9bd1a35cd5d8..91d8945bfb0c 100644
> --- a/drivers/pci/controller/pcie-xilinx.c
> +++ b/drivers/pci/controller/pcie-xilinx.c
> @@ -335,15 +335,19 @@ static const struct irq_domain_ops msi_domain_ops = {
>   /**
>    * xilinx_pcie_enable_msi - Enable MSI support
>    * @port: PCIe port information
> + * Return: 0 on success, negative error on failure
>    */
> -static void xilinx_pcie_enable_msi(struct xilinx_pcie_port *port)
> +static int xilinx_pcie_enable_msi(struct xilinx_pcie_port *port)
>   {
>   	phys_addr_t msg_addr;
>   
>   	port->msi_pages = __get_free_pages(GFP_KERNEL, 0);
> +	if (!port->msi_pages)
> +		return -ENOMEM;
>   	msg_addr = virt_to_phys((void *)port->msi_pages);
>   	pcie_write(port, 0x0, XILINX_PCIE_REG_MSIBASE1);
>   	pcie_write(port, msg_addr, XILINX_PCIE_REG_MSIBASE2);
> +	return 0;
>   }
>   
>   /* INTx Functions */
> @@ -498,6 +502,7 @@ static int xilinx_pcie_init_irq_domain(struct xilinx_pcie_port *port)
>   	struct device *dev = port->dev;
>   	struct device_node *node = dev->of_node;
>   	struct device_node *pcie_intc_node;
> +	int ret;
>   
>   	/* Setup INTx */
>   	pcie_intc_node = of_get_next_child(node, NULL);
> @@ -526,7 +531,9 @@ static int xilinx_pcie_init_irq_domain(struct xilinx_pcie_port *port)
>   			return -ENODEV;
>   		}
>   
> -		xilinx_pcie_enable_msi(port);
> +		ret = xilinx_pcie_enable_msi(port);
> +		if (ret)
> +			return ret;
>   	}
>   
>   	return 0;
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ