lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YdVJJ3PLZuSfrHzU@lahna>
Date:   Wed, 5 Jan 2022 09:30:47 +0200
From:   Mika Westerberg <mika.westerberg@...ux.intel.com>
To:     Jiasheng Jiang <jiasheng@...as.ac.cn>
Cc:     andreas.noever@...il.com, michael.jamet@...el.com,
        YehezkelShB@...il.com, linux-usb@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] thunderbolt:  Check for null pointer after calling
 kmemdup

Hi,

On Wed, Jan 05, 2022 at 02:42:44PM +0800, Jiasheng Jiang wrote:
> As the possible failure of the allocation, kmemdup() may return NULL
> pointer.
> Like alloc_switch(), it might be better to check it.
> Therefore, icm_icl_set_uuid() and icm_handle_event() should also check
> the return value of kmemdup().
> As for icm_icl_set_uuid(), which is assigned to icm->set_uuid, the
> return value of icm->set_uuid needs to check.
> And for icm_handle_event(), just free 'n' and directly return is enough,
> same as the way to handle the failure of kmalloc().

This is doing two things so I suggest sending two patches instead.
However, for the UUID part, I think it works fine if we get NULL (and I
think kmemdup() issues warning too).

> Fixes: 3cdb9446a117 ("thunderbolt: Add support for Intel Ice Lake")
> Fixes: f67cf491175a ("thunderbolt: Add support for Internal Connection Manager (ICM)")

There are probably not needed either since the "fix" here is for pretty
rare case of running out of memory. I think there is not even a NULL
pointer dereference because UUID is optional.

> Signed-off-by: Jiasheng Jiang <jiasheng@...as.ac.cn>
> ---
>  drivers/thunderbolt/icm.c | 20 ++++++++++++++++----
>  1 file changed, 16 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/thunderbolt/icm.c b/drivers/thunderbolt/icm.c
> index 2f30b816705a..09ab31ea9128 100644
> --- a/drivers/thunderbolt/icm.c
> +++ b/drivers/thunderbolt/icm.c
> @@ -109,7 +109,7 @@ struct icm {
>  	int (*driver_ready)(struct tb *tb,
>  			    enum tb_security_level *security_level,
>  			    u8 *proto_version, size_t *nboot_acl, bool *rpm);
> -	void (*set_uuid)(struct tb *tb);
> +	int (*set_uuid)(struct tb *tb);
>  	void (*device_connected)(struct tb *tb,
>  				 const struct icm_pkg_header *hdr);
>  	void (*device_disconnected)(struct tb *tb,
> @@ -1643,7 +1643,7 @@ icm_icl_driver_ready(struct tb *tb, enum tb_security_level *security_level,
>  	return 0;
>  }
>  
> -static void icm_icl_set_uuid(struct tb *tb)
> +static int icm_icl_set_uuid(struct tb *tb)
>  {
>  	struct tb_nhi *nhi = tb->nhi;
>  	u32 uuid[4];
> @@ -1654,6 +1654,10 @@ static void icm_icl_set_uuid(struct tb *tb)
>  	uuid[3] = 0xffffffff;
>  
>  	tb->root_switch->uuid = kmemdup(uuid, sizeof(uuid), GFP_KERNEL);
> +	if (!tb->root_switch->uuid)
> +		return -ENOMEM;
> +
> +	return 0;
>  }
>  
>  static void
> @@ -1739,6 +1743,11 @@ static void icm_handle_event(struct tb *tb, enum tb_cfg_pkg_type type,
>  
>  	INIT_WORK(&n->work, icm_handle_notification);
>  	n->pkg = kmemdup(buf, size, GFP_KERNEL);
> +	if (!n->pkg) {
> +		kfree(n);
> +		return;
> +	}
> +
>  	n->tb = tb;
>  
>  	queue_work(tb->wq, &n->work);
> @@ -2152,8 +2161,11 @@ static int icm_start(struct tb *tb)
>  	tb->root_switch->no_nvm_upgrade = !icm->can_upgrade_nvm;
>  	tb->root_switch->rpm = icm->rpm;
>  
> -	if (icm->set_uuid)
> -		icm->set_uuid(tb);
> +	if (icm->set_uuid) {
> +		ret = icm->set_uuid(tb);
> +		if (ret)
> +			return ret;
> +	}
>  
>  	ret = tb_switch_add(tb->root_switch);
>  	if (ret) {
> -- 
> 2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ