| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ad76449f-0603-a156-85d6-37d3c906b4cc@posteo.net>
Date: Thu, 22 Apr 2021 06:47:20 +0000
From: Richard Genoud <richard.genoud@...il.com>
To: Jiri Slaby <jirislaby@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org
Cc: Kangjie Lu <kjlu@....edu>,
Richard Genoud <richard.genoud@...il.com>,
stable <stable@...r.kernel.org>
Subject: Re: [PATCH 120/190] Revert "tty: atmel_serial: fix a potential NULL
pointer dereference"
Le 22/04/2021 à 07:18, Jiri Slaby a écrit :
> On 21. 04. 21, 14:59, Greg Kroah-Hartman wrote:
>> This reverts commit c85be041065c0be8bc48eda4c45e0319caf1d0e5.
>>
>> Commits from @umn.edu addresses have been found to be submitted in "bad
>> faith" to try to test the kernel community's ability to review "known
>> malicious" changes. The result of these submissions can be found in a
>> paper published at the 42nd IEEE Symposium on Security and Privacy
>> entitled, "Open Source Insecurity: Stealthily Introducing
>> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
>> of Minnesota) and Kangjie Lu (University of Minnesota).
>>
>> Because of this, all submissions from this group must be reverted from
>> the kernel tree and will need to be re-reviewed again to determine if
>> they actually are a valid fix. Until that work is complete, remove this
>> change to ensure that no problems are being introduced into the
>> codebase.
>>
>> Cc: Kangjie Lu <kjlu@....edu>
>> Cc: Richard Genoud <richard.genoud@...il.com>
>> Cc: stable <stable@...r.kernel.org>
>> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>> ---
>> drivers/tty/serial/atmel_serial.c | 4 ----
>> 1 file changed, 4 deletions(-)
>>
>> diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
>> index a24e5c2b30bc..9786d8e5f04f 100644
>> --- a/drivers/tty/serial/atmel_serial.c
>> +++ b/drivers/tty/serial/atmel_serial.c
>> @@ -1256,10 +1256,6 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
>> sg_dma_len(&atmel_port->sg_rx)/2,
>> DMA_DEV_TO_MEM,
>> DMA_PREP_INTERRUPT);
>> - if (!desc) {
>> - dev_err(port->dev, "Preparing DMA cyclic failed\n");
>> - goto chan_err;
>> - }
>
> I cannot find anything malicious in the original fix:
> * port->dev is valid for dev_err
> * dmaengine_prep_dma_cyclic returns NULL in case of error
> * chan_err invokes atmel_release_rx_dma which undoes the previous initialization code.
>
> Hence a NACK from me for the revert.
I agree with your NACK.
Back at the time (march 2019), I reviewed the changed and asked for a 2nd version and
I didn't found anything suspicious.
But the more eyes, the better.
cf http://lkml.iu.edu/hypermail/linux/kernel/1903.1/05858.html
>
>> desc->callback = atmel_complete_rx_dma;
>> desc->callback_param = port;
>> atmel_port->desc_rx = desc;
>>
>
>
Powered by blists - more mailing lists