lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <93b672ef-76c9-e87c-4526-897b0af01945@redhat.com>
Date:   Mon, 7 Sep 2020 07:25:59 -0700
From:   Tom Rix <trix@...hat.com>
To:     Vinod Koul <vkoul@...nel.org>
Cc:     yung-chuan.liao@...ux.intel.com,
        pierre-louis.bossart@...ux.intel.com, sanyog.r.kale@...el.com,
        natechancellor@...il.com, ndesaulniers@...gle.com,
        guennadi.liakhovetski@...ux.intel.com,
        kai.vehmanen@...ux.intel.com, alsa-devel@...a-project.org,
        linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com
Subject: Re: [PATCH] soundwire: stream: fix an invalid free


On 9/7/20 7:14 AM, Vinod Koul wrote:
> Hello Tom,
>
> On 05-09-20, 12:26, trix@...hat.com wrote:
>> From: Tom Rix <trix@...hat.com>
>>
>> clang static analyzer reports this problem
>>
>> stream.c:872:2: warning: Argument to kfree() is a constant
>>   address (18446744073709551092), which is not memory
>>   allocated by malloc()
>>         kfree(stream);
>>         ^~~~~~~~~~~~~
>>
>> In sdw_shutdown_stream() the stream to free is set by
>> a call to snd_soc_dai_get_sdw_stream().  The problem block
>> is the check if the call was successful.
>>
>> 	if (!sdw_stream) {
>> 		dev_err(rtd->dev, "no stream found...
>> 		return;
>> 	}
>>
>> When snd_soc_dai_get_sdw_stream() fails, it does not
>> always return null, sometimes it returns -ENOTSUPP.
>>
>> So also check for error codes.
>> Fixes: 4550569bd779 ("soundwire: stream: add helper to startup/shutdown streams")
>> Signed-off-by: Tom Rix <trix@...hat.com>
>> ---
>>  drivers/soundwire/stream.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c
>> index 6e36deb505b1..950231d593c2 100644
>> --- a/drivers/soundwire/stream.c
>> +++ b/drivers/soundwire/stream.c
>> @@ -1913,7 +1913,7 @@ void sdw_shutdown_stream(void *sdw_substream)
>>  
>>  	sdw_stream = snd_soc_dai_get_sdw_stream(dai, substream->stream);
>>  
>> -	if (!sdw_stream) {
>> +	if (IS_ERR_OR_NULL(sdw_stream)) {
> Thanks for the patch. Please see commit 3471d2a192ba ("soundwire:
> stream: fix NULL/IS_ERR confusion") in soundwire-next. This has already
> been updated to IS_ERR() and Bard has already sent patches for
> snd_soc_dai_get_sdw_stream() to return proper values.
>
> So I you can rerun this on next, you should see this fixed.

I am working on linux-next, so I will see Bard's patch when it lands there.

Sorry for not working on soundwire-next, but since i am fixing everywhere linux-next is easiest. 

Thank you for the update.

Tom

>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ