lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Wed, 12 Aug 2020 22:19:01 +0800
From:   kernel test robot <lkp@...el.com>
To:     Oliver Neukum <oneukum@...e.com>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org
Subject: drivers/net/usb/hso.c:2626 hso_create_bulk_serial_device() warn:
 variable dereferenced before check 'serial->tiocmget' (see line 2620)

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   fb893de323e2d39f7a1f6df425703a2edbdf56ea
commit: af0de1303c4e8f44fadd7b4c593f09f22324b04f usb: hso: obey DMA rules in tiocmget
date:   10 months ago
config: ia64-randconfig-m031-20200811 (attached as .config)
compiler: ia64-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

New smatch warnings:
drivers/net/usb/hso.c:2626 hso_create_bulk_serial_device() warn: variable dereferenced before check 'serial->tiocmget' (see line 2620)

Old smatch warnings:
drivers/net/usb/hso.c:1400 hso_serial_set_termios() error: we previously assumed 'old' could be null (see line 1391)

vim +2626 drivers/net/usb/hso.c

  2595	
  2596	/* Creates a bulk AT channel */
  2597	static struct hso_device *hso_create_bulk_serial_device(
  2598				struct usb_interface *interface, int port)
  2599	{
  2600		struct hso_device *hso_dev;
  2601		struct hso_serial *serial;
  2602		int num_urbs;
  2603		struct hso_tiocmget *tiocmget;
  2604	
  2605		hso_dev = hso_create_device(interface, port);
  2606		if (!hso_dev)
  2607			return NULL;
  2608	
  2609		serial = kzalloc(sizeof(*serial), GFP_KERNEL);
  2610		if (!serial)
  2611			goto exit;
  2612	
  2613		serial->parent = hso_dev;
  2614		hso_dev->port_data.dev_serial = serial;
  2615	
  2616		if ((port & HSO_PORT_MASK) == HSO_PORT_MODEM) {
  2617			num_urbs = 2;
  2618			serial->tiocmget = kzalloc(sizeof(struct hso_tiocmget),
  2619						   GFP_KERNEL);
> 2620			serial->tiocmget->serial_state_notification
  2621				= kzalloc(sizeof(struct hso_serial_state_notification),
  2622						   GFP_KERNEL);
  2623			/* it isn't going to break our heart if serial->tiocmget
  2624			 *  allocation fails don't bother checking this.
  2625			 */
> 2626			if (serial->tiocmget && serial->tiocmget->serial_state_notification) {
  2627				tiocmget = serial->tiocmget;
  2628				tiocmget->endp = hso_get_ep(interface,
  2629							    USB_ENDPOINT_XFER_INT,
  2630							    USB_DIR_IN);
  2631				if (!tiocmget->endp) {
  2632					dev_err(&interface->dev, "Failed to find INT IN ep\n");
  2633					goto exit;
  2634				}
  2635	
  2636				tiocmget->urb = usb_alloc_urb(0, GFP_KERNEL);
  2637				if (tiocmget->urb) {
  2638					mutex_init(&tiocmget->mutex);
  2639					init_waitqueue_head(&tiocmget->waitq);
  2640				} else
  2641					hso_free_tiomget(serial);
  2642			}
  2643		}
  2644		else
  2645			num_urbs = 1;
  2646	
  2647		if (hso_serial_common_create(serial, num_urbs, BULK_URB_RX_SIZE,
  2648					     BULK_URB_TX_SIZE))
  2649			goto exit;
  2650	
  2651		serial->in_endp = hso_get_ep(interface, USB_ENDPOINT_XFER_BULK,
  2652					     USB_DIR_IN);
  2653		if (!serial->in_endp) {
  2654			dev_err(&interface->dev, "Failed to find BULK IN ep\n");
  2655			goto exit2;
  2656		}
  2657	
  2658		if (!
  2659		    (serial->out_endp =
  2660		     hso_get_ep(interface, USB_ENDPOINT_XFER_BULK, USB_DIR_OUT))) {
  2661			dev_err(&interface->dev, "Failed to find BULK IN ep\n");
  2662			goto exit2;
  2663		}
  2664	
  2665		serial->write_data = hso_std_serial_write_data;
  2666	
  2667		/* and record this serial */
  2668		set_serial_by_index(serial->minor, serial);
  2669	
  2670		/* setup the proc dirs and files if needed */
  2671		hso_log_port(hso_dev);
  2672	
  2673		/* done, return it */
  2674		return hso_dev;
  2675	
  2676	exit2:
  2677		hso_serial_tty_unregister(serial);
  2678		hso_serial_common_free(serial);
  2679	exit:
  2680		hso_free_tiomget(serial);
  2681		kfree(serial);
  2682		kfree(hso_dev);
  2683		return NULL;
  2684	}
  2685	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (31413 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ