lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6931c116-78fb-9ad9-aab1-f15799118c82@synaptics.com>
Date:   Fri, 15 Nov 2019 18:18:05 +0000
From:   Andrew Duggan <aduggan@...aptics.com>
To:     Jiri Kosina <jikos@...nel.org>
CC:     "linux-input@...r.kernel.org" <linux-input@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Benjamin Tissoires <benjamin.tissoires@...hat.com>,
        Federico Cerutti <federico@...es-c.it>,
        Christopher Heiny <Cheiny@...aptics.com>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>
Subject: Re: [PATCH] HID: rmi: Check that the RMI_STARTED bit is set before
 unregistering the RMI transport device

Hi Jiri,

On 11/15/19 7:26 AM, Jiri Kosina wrote:
> On Wed, 23 Oct 2019, Andrew Duggan wrote:
>
>> In the event that the RMI device is unreachable, the calls to
>> rmi_set_mode() or rmi_set_page() will fail before registering the RMI
>> transport device. When the device is removed, rmi_remove() will call
>> rmi_unregister_transport_device() which will attempt to access the
>> rmi_dev pointer which was not set. This patch adds a check of the
>> RMI_STARTED bit before calling rmi_unregister_transport_device().
>> The RMI_STARTED bit is only set after rmi_register_transport_device()
>> completes successfully. A subsequent patch in the RMI core will add
>> checks to validate the pointers before accessing them.
> Andrew,
>
> my mailbox doesn't seem to have that 'subsequent patch' ... was it ever
> sent and I missed it? If so, could you please resend it?

The subsequent patch which I was referring to is:

https://lore.kernel.org/linux-input/20191023012344.20998-2-aduggan@synaptics.com/

Since this second patch was for the input subsystem I decided to just 
make them separate patches instead of creating a series. However, based 
on Dmitry's feedback it was determined that the second patch wasn't a 
good idea and it won't be applied. This first patch is enough to fix the 
issue by preventing the call to rmi_unregister_transport_device() if the 
subsequent call to register failed. The only change I would make to this 
patch would be to remove the last sentence of the comment. If you choose 
to apply that patch then would this be a change you would make? Or would 
you prefer I submit a v2 with this update?

Thanks,

Andrew


> Thanks,
>
> --
> Jiri Kosina
> SUSE Labs
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ