Message-ID: <b8b590f1-dd52-47bf-2237-5453f3b932a4@canonical.com>
Date:   Fri, 10 Jul 2020 16:50:41 +0100
From:   Colin Ian King <colin.king@...onical.com>
To:     Rocky Liao <rjliao@...eaurora.org>
Cc:     Marcel Holtmann <marcel@...tmann.org>,
        Johan Hedberg <johan.hedberg@...il.com>,
        linux-bluetooth@...r.kernel.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: Bluetooth: hci_qca: Add QCA Rome power off support to the
 qca_power_shutdown()

Hi,

Static analysis with Coverity has found a potential issue in
drivers/bluetooth/hci_qca.c, function qca_power_shutdown.

The commit that triggered the detection of the issue was as follows:

commit 5559904ccc0867a0ce796761681e40defe4a5f44
Author: Rocky Liao <rjliao@...eaurora.org>
Date:   Wed Jan 15 16:55:50 2020 +0800

    Bluetooth: hci_qca: Add QCA Rome power off support to the
qca_power_shutdown()

The issue is as follows:

1776 static void qca_power_shutdown(struct hci_uart *hu)
1777 {
1778        struct qca_serdev *qcadev;
1779        struct qca_data *qca = hu->priv;
1780        unsigned long flags;
1781        enum qca_btsoc_type soc_type = qca_soc_type(hu);
1782
    deref_ptr_in_call: Dereferencing pointer hu->serdev.

1783        qcadev = serdev_device_get_drvdata(hu->serdev);

...

1797        /* Non-serdev device usually is powered by external power
1798         * and don't need additional action in driver for power down
1799         */

Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking hu->serdev suggests that it may be
null, but it has already been dereferenced on all paths leading to the
check.

1800        if (!hu->serdev)
1801                return;

There is a null check on hu->serdev on line 1800, however, in a previous
statement in line 1783 hu->serdev is being dereferenced.  Either
hu->serdev is never null and the check is redundant, or it can be null
and the null check needs to be moved to before line 1783.

Colin
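
Added example, not part of the original message and not kernel code: the flagged ordering next to the reordered form that the report gives as its second option. The struct layouts, get_drvdata(), both function names and the int return values are simplified userspace stand-ins assumed here for illustration.

```c
#include <stddef.h>

/* Simplified userspace stand-ins for the kernel types (assumptions). */
struct serdev_device { void *drvdata; };
struct qca_serdev { int powered; };
struct hci_uart { struct serdev_device *serdev; };

/* Stand-in for serdev_device_get_drvdata(): it reads through the pointer. */
static void *get_drvdata(const struct serdev_device *serdev)
{
    return serdev->drvdata;
}

/* Shape Coverity flagged: dereference (line 1783) before the check
 * (line 1800). If hu->serdev were NULL, get_drvdata() would fault first,
 * so the check can never take effect on that path. */
int shutdown_as_reported(struct hci_uart *hu)
{
    struct qca_serdev *qcadev = get_drvdata(hu->serdev);

    if (!hu->serdev)
        return 0;
    qcadev->powered = 0;
    return 1;
}

/* Reordered form: the check runs before the first dereference. */
int shutdown_check_first(struct hci_uart *hu)
{
    struct qca_serdev *qcadev;

    if (!hu->serdev)
        return 0;               /* non-serdev device: nothing to do here */
    qcadev = get_drvdata(hu->serdev);
    qcadev->powered = 0;
    return 1;
}

int main(void)
{
    struct qca_serdev q = { .powered = 1 };
    struct serdev_device sd = { .drvdata = &q };
    struct hci_uart with = { .serdev = &sd }, without = { .serdev = NULL };

    shutdown_check_first(&without);  /* returns before any dereference */
    shutdown_check_first(&with);     /* runs the power-off path */
    return q.powered;                /* 0 once the power-off path has run */
}
```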
