lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 8 May 2021 15:46:30 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Pavel Skripkin <paskripkin@...il.com>, mchehab@...nel.org
Cc:     Uladzislau Rezki <urezki@...il.com>, linux-usb@...r.kernel.org,
        linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] WARNING in __vmalloc_node_range

I wrote a Smatch check to see if there were more of these and here are
the other issues that it found.  (I will expant this check to more types
on Monday).

drivers/media/usb/dvb-usb-v2/lmedm04.c:1196 (null)() warn: element count is wrong 'lme2510_props.num_adapters=0' vs 'lme2510_props.adapter=2'
drivers/media/usb/dvb-usb-v2/af9035.c:1997 (null)() warn: element count is wrong 'af9035_props.num_adapters=0' vs 'af9035_props.adapter=2'
drivers/media/usb/dvb-usb-v2/af9035.c:2043 (null)() warn: element count is wrong 'it930x_props.num_adapters=0' vs 'it930x_props.adapter=2'
drivers/media/usb/dvb-usb-v2/af9015.c:1409 (null)() warn: element count is wrong 'af9015_props.num_adapters=0' vs 'af9015_props.adapter=2'
drivers/media/usb/dvb-usb/dtt200u.c:384 (null)() warn: element count is wrong 'wt220u_miglia_properties.num_adapters=1' vs 'wt220u_miglia_properties.adapter=0'

As far as I can see these are initialized in dvb_usb_adapter_init()
where the loop is:

	for (n = 0; n < d->props.num_adapters; n++) {

So it looks like all of these are genuine bugs.  But I'm not a subsystem
expert and can't test them.  These line numbers are from linux-next.

Btw, here are the other element/count pairings I was able to find which
I'm going to test on Monday.

ath5k_gain_opt, go_steps_count, go_step
atomisp_camera_caps, sensor_num, sensor
brcmf_rssi_event_le, rssi_level_num, rssi_levels
catpt_stream_template, num_entries, entries
dvb_usb_device_properties, num_adapters, adapter
dvb_usb_device_properties, num_device_descs, devices
go7007_board_info, num_inputs, inputs
hda_input_mux, num_items, items
idt_89hpes_cfg, port_cnt, ports
mipi_phy_device_desc, num_regmaps, regmap_names
mtk_thermal_data, need_switch_bank, bank_data
mwifiex_sdio_card_reg, func1_spec_reg_num, func1_spec_reg_table
nft_chain_type, hook_mask, hooks
PWR_DFY_Section, dfy_size, dfy_data
rkisp1_cif_isp_afc_config, num_afm_win, afm_win
scarlett_device_info, num_controls, controls
snd_soc_acpi_codecs, num_codecs, codecs
timb_dma_platform_data, nr_channels, channels
uniphier_u3hsphy_soc_data, nparams, param
uniphier_u3ssphy_soc_data, nparams, param
venus_resources, vcodec_clks_num, vcodec_pmdomains

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ