lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20200624074406.GR2324254@vkoul-mobl>
Date:   Wed, 24 Jun 2020 13:14:06 +0530
From:   Vinod Koul <vkoul@...nel.org>
To:     gaurav singh <gaurav1086@...il.com>
Cc:     green.wan@...ive.com, dan.j.williams@...el.com, palmer@...belt.com,
        paul.walmsley@...ive.com, dmaengine@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] dma_async_tx_descriptor: Fix null pointer dereference

On 03-06-20, 22:59, gaurav singh wrote:
> The check: if (chan && (!len || !dest || !src)) indicates that chan can be
> NULL, however chan is dereferenced in multiple locations later without
> check. In the function: sf_pdma_alloc_desc() and later: chan->desc = desc;
> This can cause segmentation fault if chan is NULL and it doesn't return in
> the first check. To fix, this: add the check for chan right in the
> beginning.
> 
> Please find the patch below. Let me know if there's any issue.

1. please send using git-send-email
2. pls run checkpatch, below formatting is crap

> 
> Thank you.
> Gaurav.
> 
> >From a2f18613751b4ce5b0dba3a273a75957d872ccd3 Mon Sep 17 00:00:00 2001
> From: Gaurav Singh <gaurav1086@...il.com>
> Date: Wed, 3 Jun 2020 22:52:31 -0400
> Subject: [PATCH] dma_async_tx_descriptor: Fix null pointer dereference

Care to explain which null pointer dereference?
Also reread Documentation/process/submitting-patches.rst esp word about
subject lines

> 
> ---
>  drivers/dma/sf-pdma/sf-pdma.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/dma/sf-pdma/sf-pdma.c b/drivers/dma/sf-pdma/sf-pdma.c
> index 6d0bec947636..0cbc7b379d11 100644
> --- a/drivers/dma/sf-pdma/sf-pdma.c
> +++ b/drivers/dma/sf-pdma/sf-pdma.c
> @@ -94,7 +94,11 @@ sf_pdma_prep_dma_memcpy(struct dma_chan *dchan,
> dma_addr_t dest, dma_addr_t src,
>   struct sf_pdma_chan *chan = to_sf_pdma_chan(dchan);
>   struct sf_pdma_desc *desc;
> 
> - if (chan && (!len || !dest || !src)) {
> + if (!chan) {
> + return NULL;
> + }
> +
> + if (!len || !dest || !src) {
>   dev_err(chan->pdma->dma_dev.dev,
>   "Please check dma len, dest, src!\n");
>   return NULL;
> -- 
> 2.17.1

-- 
~Vinod

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ