Message-ID: <afc360b9-6d05-72a6-4933-2fc0b84a7cf7@samsung.com>
Date:   Fri, 26 Jul 2019 13:32:21 +0200
From:   Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>
To:     Navid Emamdoost <navid.emamdoost@...il.com>
Cc:     andriy.shevchenko@...ux.intel.com, emamd001@....edu, kjlu@....edu,
        smccaman@....edu, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiri Slaby <jslaby@...e.com>, Vinod Koul <vkoul@...nel.org>,
        linux-serial@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] 8250_lpss: check null return when calling
 pci_ioremap_bar


Hi,

On 7/19/19 7:48 PM, Navid Emamdoost wrote:
> pci_ioremap_bar may return null. This is eventually de-referenced at 
> drivers/dma/dw/core.c:1154 and drivers/dma/dw/core.c:1168. A null check 
> is needed to prevent null de-reference. I am adding the check and in case
>  of failure. Thanks to Andy Shevchenko for the hint on the necessity of 
> pci_iounmap when exiting.
> 
> Signed-off-by: Navid Emamdoost <navid.emamdoost@...il.com>
> ---
>  drivers/tty/serial/8250/8250_lpss.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/tty/serial/8250/8250_lpss.c b/drivers/tty/serial/8250/8250_lpss.c
> index 53ca9ba6ab4b..d07e431110d9 100644
> --- a/drivers/tty/serial/8250/8250_lpss.c
> +++ b/drivers/tty/serial/8250/8250_lpss.c
> @@ -169,10 +169,12 @@ static void qrk_serial_setup_dma(struct lpss8250 *lpss, struct uart_port *port)
>  	struct pci_dev *pdev = to_pci_dev(port->dev);
>  	int ret;
>  
> +	chip->pdata = &qrk_serial_dma_pdata;
>  	chip->dev = &pdev->dev;
>  	chip->irq = pci_irq_vector(pdev, 0);
>  	chip->regs = pci_ioremap_bar(pdev, 1);
> -	chip->pdata = &qrk_serial_dma_pdata;
> +	if (!chip->regs)
> +		return;
>  
>  	/* Falling back to PIO mode if DMA probing fails */
>  	ret = dw_dma_probe(chip);
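
Review bot: Moving `chip->pdata = &qrk_serial_dma_pdata;` above the `chip->dev` assignment is not needed for the NULL check and is not mentioned in the commit message; either leave the assignment where it was or explain the reordering. The new `if (!chip->regs) return;` also returns without any message, and the existing comment "Falling back to PIO mode if DMA probing fails" only covers the probe path, so consider extending that comment (or adding one on the early return) to say what happens when the BAR mapping fails.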

pci_iounmap() should also be called on dw_dma_probe() failure (in such
a case param->dma_dev is NULL, so pci_iounmap() in qrk_serial_exit_dma()
won't be called during exit).

> @@ -195,11 +197,15 @@ static void qrk_serial_setup_dma(struct lpss8250 *lpss, struct uart_port *port)
>  pci_iounmap
>  static void qrk_serial_exit_dma(struct lpss8250 *lpss)
>  {
> +	struct dw_dma_chip *chip = &lpss->dma_chip;
>  	struct dw_dma_slave *param = &lpss->dma_param;
>  
>  	if (!param->dma_dev)
>  		return;
> -	dw_dma_remove(&lpss->dma_chip);
> +
> +	dw_dma_remove(chip);
> +
> +	pci_iounmap(to_pci_dev(chip->dev), chip->regs);
>  }
>  #else	/* CONFIG_SERIAL_8250_DMA */
>  static void qrk_serial_setup_dma(struct lpss8250 *lpss, struct uart_port *port) {}
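
Review bot: The first context line of this hunk reads only `pci_iounmap`, which is not valid C at file scope and looks like text typed into the patch by hand; please regenerate the patch from the tree so the context matches the file. Separately, `pci_iounmap(to_pci_dev(chip->dev), chip->regs);` sits after the `if (!param->dma_dev) return;` early exit, so in this function the mapping is released only on the path where `dma_dev` was set.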

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics
