lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 9 Feb 2021 20:40:03 +0100
From:   Krzysztof WilczyƄski <kw@...ux.com>
To:     Gustavo Pimentel <Gustavo.Pimentel@...opsys.com>
Cc:     Bjorn Helgaas <helgaas@...nel.org>,
        "linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "dmaengine@...r.kernel.org" <dmaengine@...r.kernel.org>,
        Vinod Koul <vkoul@...nel.org>,
        Dan Williams <dan.j.williams@...el.com>,
        Bjorn Helgaas <bhelgaas@...gle.com>
Subject: Re: [PATCH v4 15/15] dmaengine: dw-edma: Add pcim_iomap_table return
 checker

Hi Gustavo,

[...]
> > That's true, there are a lot of drivers that don't verify that pointer. 
> > What do you suggest?
> > 1) To remove the verification so that is aligned with the other drivers
> > 2) Leave it as is. Or even to add this verification to the other drivers?
> > 
> > Either way, I will add the pcim_iomap_table(pdev) before this 
> > instruction.
> [...]
> 
> A lot of the drivers consume the value from pcim_iomap_table() at
> a given BAR index directly as-is, some check if the pointer they got
> back is not NULL, a very few also check if the address at a given index
> is not NULL.
> 
> Given that the memory allocation for the table can fail, we ought to
> check for a NULL pointer.  It's a bit worrying that people decided to
> consume the value it returns directly without any verification.
> 
> I only found two drivers that perform this additional verification of
> checking whether the address at a given index is valid, as per:
> 
>   https://lore.kernel.org/linux-pci/YCLFTjZQ2bCfGC+J@rocinante/
> 
> Personally, I would opt for (2), and then like you suggested send
> a separate series to update other drivers so that they also include the
> this NULL pointer check.
> 
> But let's wait for Bjorn's take on this, though.

As per Bjorn's reply:

  https://lore.kernel.org/linux-pci/20210209185246.GA494880@bjorn-Precision-5520/

These extra checks I proposed would be definitely too much, especially
since almost everyone who uses pcim_iomap_table() also calls either
pcim_iomap_regions() or pcim_iomap_regions_request_all() before
accessing the table.

There probably is also an opportunity to simplify some of the other
drivers in the future, especially if do some API changes as per what
Bjorn suggested.

Sorry for taking your time, and thank you again!

Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ