lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20190930052540.19168-1-yzhai003@ucr.edu>
Date:   Sun, 29 Sep 2019 22:25:39 -0700
From:   Yizhuo <yzhai003@....edu>
To:     unlisted-recipients:; (no To-header on input)
Cc:     csong@...ucr.edu, zhiyunq@...ucr.edu, Yizhuo <yzhai003@....edu>,
        Jonathan Cameron <jic23@...nel.org>,
        Hartmut Knaack <knaack.h@....de>,
        Lars-Peter Clausen <lars@...afoo.de>,
        Peter Meerwald-Stadler <pmeerw@...erw.net>,
        Ray Jui <rjui@...adcom.com>,
        Scott Branden <sbranden@...adcom.com>,
        bcm-kernel-feedback-list@...adcom.com,
        Stephen Boyd <swboyd@...omium.org>,
        Allison Randal <allison@...utok.net>,
        Thomas Gleixner <tglx@...utronix.de>,
        linux-iio@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH] iio: adc: Variables could be uninitalized if regmap_read() fails

Several functions in this file are trying to use regmap_read() to
initialize the specific variable, however, if regmap_read() fails,
the variable could be uninitialized but used directly, which is
potentially unsafe. The return value of regmap_read() should be
checked and handled.

Signed-off-by: Yizhuo <yzhai003@....edu>
---
 drivers/iio/adc/bcm_iproc_adc.c | 45 ++++++++++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 6 deletions(-)

diff --git a/drivers/iio/adc/bcm_iproc_adc.c b/drivers/iio/adc/bcm_iproc_adc.c
index 646ebdc0a8b4..6df19ceb5ff2 100644
--- a/drivers/iio/adc/bcm_iproc_adc.c
+++ b/drivers/iio/adc/bcm_iproc_adc.c
@@ -137,6 +137,7 @@ static irqreturn_t iproc_adc_interrupt_thread(int irq, void *data)
 	u32 channel_intr_status;
 	u32 intr_status;
 	u32 intr_mask;
+	int ret;
 	struct iio_dev *indio_dev = data;
 	struct iproc_adc_priv *adc_priv = iio_priv(indio_dev);
 
@@ -145,8 +146,19 @@ static irqreturn_t iproc_adc_interrupt_thread(int irq, void *data)
 	 * Make sure this interrupt is intended for us.
 	 * Handle only ADC channel specific interrupts.
 	 */
-	regmap_read(adc_priv->regmap, IPROC_INTERRUPT_STATUS, &intr_status);
-	regmap_read(adc_priv->regmap, IPROC_INTERRUPT_MASK, &intr_mask);
+	ret = regmap_read(adc_priv->regmap,
+					IPROC_INTERRUPT_STATUS, &intr_status);
+	if (ret) {
+		dev_err(&indio_dev->dev, "Fail to read IPROC_INTERRUPT_STATUS.\n");
+		return ret;
+	}
+
+	ret = regmap_read(adc_priv->regmap, IPROC_INTERRUPT_MASK, &intr_mask);
+	if (ret) {
+		dev_err(&indio_dev->dev, "Fail to read IPROC_INTERRUPT_MASK.\n");
+		return ret;
+	}
+
 	intr_status = intr_status & intr_mask;
 	channel_intr_status = (intr_status & IPROC_ADC_INTR_MASK) >>
 				IPROC_ADC_INTR;
@@ -162,6 +174,7 @@ static irqreturn_t iproc_adc_interrupt_handler(int irq, void *data)
 	struct iproc_adc_priv *adc_priv;
 	struct iio_dev *indio_dev = data;
 	unsigned int valid_entries;
+	int ret;
 	u32 intr_status;
 	u32 intr_channels;
 	u32 channel_status;
@@ -169,23 +182,37 @@ static irqreturn_t iproc_adc_interrupt_handler(int irq, void *data)
 
 	adc_priv = iio_priv(indio_dev);
 
-	regmap_read(adc_priv->regmap, IPROC_INTERRUPT_STATUS, &intr_status);
+	ret = regmap_read(adc_priv->regmap,
+					IPROC_INTERRUPT_STATUS, &intr_status);
+	if (ret) {
+		dev_err(&indio_dev->dev, "Fail to read IPROC_INTERRUPT_STATUS.\n");
+		return ret;
+	}
+
 	dev_dbg(&indio_dev->dev, "iproc_adc_interrupt_handler(),INTRPT_STS:%x\n",
 			intr_status);
 
 	intr_channels = (intr_status & IPROC_ADC_INTR_MASK) >> IPROC_ADC_INTR;
 	if (intr_channels) {
-		regmap_read(adc_priv->regmap,
+		ret = regmap_read(adc_priv->regmap,
 			    IPROC_ADC_CHANNEL_INTERRUPT_STATUS +
 			    IPROC_ADC_CHANNEL_OFFSET * adc_priv->chan_id,
 			    &ch_intr_status);
+		if (ret) {
+			dev_err(&indio_dev->dev, "Fail to read the register.\n");
+			return ret;
+		}
 
 		if (ch_intr_status & IPROC_ADC_CHANNEL_WTRMRK_INTR_MASK) {
-			regmap_read(adc_priv->regmap,
+			ret = regmap_read(adc_priv->regmap,
 					IPROC_ADC_CHANNEL_STATUS +
 					IPROC_ADC_CHANNEL_OFFSET *
 					adc_priv->chan_id,
 					&channel_status);
+			if (ret) {
+				dev_err(&indio_dev->dev, "Fail to read the register.\n");
+				return ret;
+			}
 
 			valid_entries = ((channel_status &
 				IPROC_ADC_CHANNEL_VALID_ENTERIES_MASK) >>
@@ -230,6 +257,7 @@ static int iproc_adc_do_read(struct iio_dev *indio_dev,
 	u32 mask;
 	u32 val_check;
 	int failed_cnt = 0;
+	int ret;
 	struct iproc_adc_priv *adc_priv = iio_priv(indio_dev);
 
 	mutex_lock(&adc_priv->mutex);
@@ -284,7 +312,12 @@ static int iproc_adc_do_read(struct iio_dev *indio_dev,
 	 * Testing has shown that this may loop a few time, but we have never
 	 * hit the full count.
 	 */
-	regmap_read(adc_priv->regmap, IPROC_INTERRUPT_MASK, &val_check);
+	ret = regmap_read(adc_priv->regmap, IPROC_INTERRUPT_MASK, &val_check);
+	if (ret) {
+		dev_err(&indio_dev->dev, "Fail to read IPROC_INTERRUPT_MASK.\n");
+		return ret;
+	}
+
 	while (val_check != val) {
 		failed_cnt++;
 
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ