| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Mar 2020 16:03:46 +0000
From: Nicholas Johnson <nicholas.johnson-opensource@...look.com.au>
To: Mika Westerberg <mika.westerberg@...ux.intel.com>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
Subject: Re: [PATCH v2 2/3] nvmem: check for NULL reg_read and reg_write
before dereferencing
On Tue, Mar 03, 2020 at 12:29:56PM +0200, Mika Westerberg wrote:
> On Mon, Mar 02, 2020 at 03:43:02PM +0000, Nicholas Johnson wrote:
> > Return -EPERM if reg_read is NULL in bin_attr_nvmem_read() or if
> > reg_write is NULL in bin_attr_nvmem_write().
>
> Hmm, is this patch required at all since you already check the invalid
> combinations in the patch 1/3?
This is checked in nvmem_reg_read() and nvmem_reg_write() in
drivers/nvmem/core.c - for consistency, perhaps both should be done.
Also, defensive programming is a good idea, because code changes might
allow for a NULL to slip through in the future. But you are correct, at
this moment in time, we should not be able to cause a NULL dereference
(at least as far as I can tell).
Srinivas can either apply this patch or not, so if it is decided this is
not needed, I will not need to do a PATCH v3. Patch 3/3 does not
conflict with this patch.
Cheers
Powered by blists - more mailing lists