lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201130104420.321531ec@coco.lan>
Date:   Mon, 30 Nov 2020 10:44:20 +0100
From:   Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
To:     Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc:     Linux Media Mailing List <linux-media@...r.kernel.org>,
        linuxarm@...wei.com, mauro.chehab@...wei.com,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        syzbot <syzkaller@...glegroups.com>
Subject: Re: [PATCH] media: gp8psk: initialize stats at power control logic

Em Fri, 27 Nov 2020 09:20:53 -0500
Willem de Bruijn <willemdebruijn.kernel@...il.com> escreveu:

> On Fri, Nov 27, 2020 at 1:46 AM Mauro Carvalho Chehab
> <mchehab+huawei@...nel.org> wrote:
> >
> > As reported on:
> >         https://lore.kernel.org/linux-media/20190627222020.45909-1-willemdebruijn.kernel@gmail.com/
> >
> > if gp8psk_usb_in_op() returns an error, the status var is not
> > initialized. Yet, this var is used later on, in order to
> > identify:
> >         - if the device was already started;
> >         - if firmware has loaded;
> >         - if the LNBf was powered on.
> >
> > Using status = 0 seems to ensure that everything will be
> > properly powered up.
> >
> > So, instead of the proposed solution, let's just set
> > status = 0.
> >
> > Reported-by: syzbot <syzkaller@...glegroups.com>
> > Reported-by: Willem de Bruijn <willemb@...gle.com>
> > Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
> > ---
> >  drivers/media/usb/dvb-usb/gp8psk.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/media/usb/dvb-usb/gp8psk.c b/drivers/media/usb/dvb-usb/gp8psk.c
> > index c07f46f5176e..b4f661bb5648 100644
> > --- a/drivers/media/usb/dvb-usb/gp8psk.c
> > +++ b/drivers/media/usb/dvb-usb/gp8psk.c
> > @@ -182,7 +182,7 @@ static int gp8psk_load_bcm4500fw(struct dvb_usb_device *d)
> >
> >  static int gp8psk_power_ctrl(struct dvb_usb_device *d, int onoff)
> >  {
> > -       u8 status, buf;
> > +       u8 status = 0, buf;
> >         int gp_product_id = le16_to_cpu(d->udev->descriptor.idProduct);
> >
> >         if (onoff) {
> > --
> > 2.28.0  
> 
> 
> Is it okay to ignore the return value of gp8psk_usb_in_op here?


Well, I don't have this specific hardware in my hands, but, if you
follow the logic there, it sounds ok to ignore.

It should be noticed that, on some devices, some I2C commands
will only return after having the device powered up and its
firmware loaded. As this code is at the powerup part of the code,
it sound reasonable to assume that the I2C read might fail.

So, this change is less aggressive than just returning, as
the driver may be relying on a fail read already.

---

If you follow the logic of this routine, a fail to read means 
that the hardware is not able to return to this specific
I2C command, either because it was physically (or logically)
removed or because it was not properly powered up.

If it was removed, trying to send I2C commands to
power it up will return errors, so the first attempt of
writing data to it will return an error.

If, on the other hand, the hardware was not properly powered up,
status = 0 will mean that all parts of the chipset should
be powered on. 

As this is the only place at the driver where a read is
not checked for its success, I'm assuming that this is the
original intent of the driver's author.

Thanks,
Mauro

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ