lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <874k9ny6k6.fsf@redhat.com>
Date:   Mon, 11 Oct 2021 16:33:45 +0200
From:   Cornelia Huck <cohuck@...hat.com>
To:     Pierre Morel <pmorel@...ux.ibm.com>,
        Halil Pasic <pasic@...ux.ibm.com>,
        Vineeth Vijayan <vneethv@...ux.ibm.com>,
        Peter Oberparleiter <oberpar@...ux.ibm.com>,
        Heiko Carstens <hca@...ux.ibm.com>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        Michael Mueller <mimu@...ux.ibm.com>,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     stable@...r.kernel.org, bfu@...hat.com
Subject: Re: [RFC PATCH 1/1] s390/cio: make ccw_device_dma_* more robust

On Mon, Oct 11 2021, Pierre Morel <pmorel@...ux.ibm.com> wrote:

> On 10/11/21 1:59 PM, Halil Pasic wrote:
>> diff --git a/drivers/s390/cio/device_ops.c b/drivers/s390/cio/device_ops.c
>> index 0fe7b2f2e7f5..c533d1dadc6b 100644
>> --- a/drivers/s390/cio/device_ops.c
>> +++ b/drivers/s390/cio/device_ops.c
>> @@ -825,13 +825,23 @@ EXPORT_SYMBOL_GPL(ccw_device_get_chid);
>>    */
>>   void *ccw_device_dma_zalloc(struct ccw_device *cdev, size_t size)
>>   {
>> -	return cio_gp_dma_zalloc(cdev->private->dma_pool, &cdev->dev, size);
>> +	void *addr;
>> +
>> +	if (!get_device(&cdev->dev))
>> +		return NULL;
>> +	addr = cio_gp_dma_zalloc(cdev->private->dma_pool, &cdev->dev, size);
>> +	if (IS_ERR_OR_NULL(addr))
>
> I can be wrong but it seems that only dma_alloc_coherent() used in 
> cio_gp_dma_zalloc() report an error but the error is ignored and used as 
> a valid pointer.

Hm, I thought dma_alloc_coherent() returned either NULL or a valid
address?

>
> So shouldn't we modify this function and just test for a NULL address here?

If I read cio_gp_dma_zalloc() correctly, we either get NULL or a valid
address, so yes.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ