lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YRPUhqvcTxCVvnBG@oden.dyn.berto.se>
Date:   Wed, 11 Aug 2021 15:45:42 +0200
From:   Niklas Söderlund 
        <niklas.soderlund@...natech.se>
To:     Nadezda Lutovinova <lutovinova@...ras.ru>
Cc:     Mauro Carvalho Chehab <mchehab@...nel.org>,
        linux-media@...r.kernel.org, linux-renesas-soc@...r.kernel.org,
        linux-kernel@...r.kernel.org, ldv-project@...uxtesting.org
Subject: Re: [PATCH] media: rcar-csi2: Add checking to rcsi2_start_receiver().

Hi Nadezda,

Thanks for your work.

On 2021-08-11 16:31:42 +0300, Nadezda Lutovinova wrote:
> If rcsi2_code_to_fmt() return NULL,
> then null pointer dereference occurs in the next cycle.
> The patch adds checking if format is NULL.
> 
> Found by Linux Driver Verification project (linuxtesting.org).

Please drop the '.' at the end of the patch subject. Also the commit 
message could be better line wrapped.

> 
> Signed-off-by: Nadezda Lutovinova <lutovinova@...ras.ru>
> ---
>  drivers/media/platform/rcar-vin/rcar-csi2.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/media/platform/rcar-vin/rcar-csi2.c b/drivers/media/platform/rcar-vin/rcar-csi2.c
> index e28eff039688..55bb584d2a13 100644
> --- a/drivers/media/platform/rcar-vin/rcar-csi2.c
> +++ b/drivers/media/platform/rcar-vin/rcar-csi2.c
> @@ -553,6 +553,12 @@ static int rcsi2_start_receiver(struct rcar_csi2 *priv)
>  
>  	/* Code is validated in set_fmt. */
>  	format = rcsi2_code_to_fmt(priv->mf.code);
> +	if (!format) {

This can never happen ;-)

The only place priv->mf.code is set (after probe) is in  
rcsi2_set_pad_format() and there it explicitly checks if 
rcsi2_code_to_fmt() returns NULl and if so sets it to something that 
guarantees it will not.

Think of it as the verification is done at format configuration time so 
we don't have to have check it at start time. The reason for this is 
that we can't do much about a failure here other then fail the start 
while at configure time we can try to correct it and inform the user of 
the change.

That being said, I'm not oppose to fail the start here if we ever do 
introduce a bug here where rcsi2_code_to_fmt() would return NULL here.  
But I would like to drop the dev_err() here and just return -EINVAL.

I would mention in the commit message that this protects from future 
bugs.

> +		dev_err(priv->dev,
> +			"Incorrect mbus frame format code %u\n",
> +			priv->mf.code);
> +		return -EINVAL;
> +	}
>  
>  	/*
>  	 * Enable all supported CSI-2 channels with virtual channel and
> -- 
> 2.17.1
> 

-- 
Regards,
Niklas Söderlund

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ