lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210331200233.GN2065@kadam>
Date:   Wed, 31 Mar 2021 23:02:33 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     kbuild@...ts.01.org, Hassan Shahbazi <h.shahbazi.git@...il.com>,
        gregkh@...uxfoundation.org, daniel.vetter@...ll.ch,
        jirislaby@...nel.org, yepeilin.cs@...il.com
Cc:     lkp@...el.com, kbuild-all@...ts.01.org,
        linux-fbdev@...r.kernel.org, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org,
        Hassan Shahbazi <h.shahbazi.git@...il.com>
Subject: Re: [PATCH] fix NULL pointer deference crash

Hi Hassan,

url:    https://github.com/0day-ci/linux/commits/Hassan-Shahbazi/fix-NULL-pointer-deference-crash/20210401-004543
base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5e46d1b78a03d52306f21f77a4e4a144b6d31486
config: x86_64-randconfig-m001-20210330 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>

New smatch warnings:
drivers/video/fbdev/core/fbcon.c:1336 fbcon_cursor() warn: variable dereferenced before check 'ops' (see line 1324)

Old smatch warnings:
drivers/video/fbdev/core/fbcon.c:3028 fbcon_get_con2fb_map_ioctl() warn: potential spectre issue 'con2fb_map' [r]

vim +/ops +1336 drivers/video/fbdev/core/fbcon.c

^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1318  static void fbcon_cursor(struct vc_data *vc, int mode)
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1319  {
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1320  	struct fb_info *info = registered_fb[con2fb_map[vc->vc_num]];
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1321  	struct fbcon_ops *ops = info->fbcon_par;
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1322   	int c = scr_readw((u16 *) vc->vc_pos);
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1323  
2a17d7e80f1df44 drivers/video/console/fbcon.c    Scot Doyle         2015-08-04 @1324  	ops->cur_blink_jiffies = msecs_to_jiffies(vc->vc_cur_blink_ms);
2a17d7e80f1df44 drivers/video/console/fbcon.c    Scot Doyle         2015-08-04  1325  
d1e2306681ad3cb drivers/video/console/fbcon.c    Michal Januszewski 2007-05-08  1326  	if (fbcon_is_inactive(vc, info) || vc->vc_deccm != 1)
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1327  		return;
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1328  
c0e4b3ad67997a6 drivers/video/fbdev/core/fbcon.c Jiri Slaby         2020-06-15  1329  	if (vc->vc_cursor_type & CUR_SW)
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  1330  		fbcon_del_cursor_timer(info);
a5edce421848442 drivers/video/console/fbcon.c    Thierry Reding     2015-05-21  1331  	else
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  1332  		fbcon_add_cursor_timer(info);
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  1333  
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1334  	ops->cursor_flash = (mode == CM_ERASE) ? 0 : 1;
                                                                                        ^^^^^^^^^^^^^^^^^
Dereferenced

^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1335  
1d73453653c6d4f drivers/video/fbdev/core/fbcon.c Hassan Shahbazi    2021-03-31 @1336  	if (ops && ops->cursor)
                                                                                            ^^^
Checked too late

06a0df4d1b8b13b drivers/video/fbdev/core/fbcon.c Linus Torvalds     2020-09-08  1337  		ops->cursor(vc, info, mode, get_color(vc, info, c, 1),
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1338  				get_color(vc, info, c, 0));
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1339  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (45368 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ