| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Jan 2022 09:30:47 +0200
From: Mika Westerberg <mika.westerberg@...ux.intel.com>
To: Jiasheng Jiang <jiasheng@...as.ac.cn>
Cc: andreas.noever@...il.com, michael.jamet@...el.com,
YehezkelShB@...il.com, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] thunderbolt: Check for null pointer after calling
kmemdup
Hi,
On Wed, Jan 05, 2022 at 02:42:44PM +0800, Jiasheng Jiang wrote:
> As the possible failure of the allocation, kmemdup() may return NULL
> pointer.
> Like alloc_switch(), it might be better to check it.
> Therefore, icm_icl_set_uuid() and icm_handle_event() should also check
> the return value of kmemdup().
> As for icm_icl_set_uuid(), which is assigned to icm->set_uuid, the
> return value of icm->set_uuid needs to check.
> And for icm_handle_event(), just free 'n' and directly return is enough,
> same as the way to handle the failure of kmalloc().
This is doing two things so I suggest sending two patches instead.
However, for the UUID part, I think it works fine if we get NULL (and I
think kmemdup() issues warning too).
> Fixes: 3cdb9446a117 ("thunderbolt: Add support for Intel Ice Lake")
> Fixes: f67cf491175a ("thunderbolt: Add support for Internal Connection Manager (ICM)")
There are probably not needed either since the "fix" here is for pretty
rare case of running out of memory. I think there is not even a NULL
pointer dereference because UUID is optional.
> Signed-off-by: Jiasheng Jiang <jiasheng@...as.ac.cn>
> ---
> drivers/thunderbolt/icm.c | 20 ++++++++++++++++----
> 1 file changed, 16 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/thunderbolt/icm.c b/drivers/thunderbolt/icm.c
> index 2f30b816705a..09ab31ea9128 100644
> --- a/drivers/thunderbolt/icm.c
> +++ b/drivers/thunderbolt/icm.c
> @@ -109,7 +109,7 @@ struct icm {
> int (*driver_ready)(struct tb *tb,
> enum tb_security_level *security_level,
> u8 *proto_version, size_t *nboot_acl, bool *rpm);
> - void (*set_uuid)(struct tb *tb);
> + int (*set_uuid)(struct tb *tb);
> void (*device_connected)(struct tb *tb,
> const struct icm_pkg_header *hdr);
> void (*device_disconnected)(struct tb *tb,
> @@ -1643,7 +1643,7 @@ icm_icl_driver_ready(struct tb *tb, enum tb_security_level *security_level,
> return 0;
> }
>
> -static void icm_icl_set_uuid(struct tb *tb)
> +static int icm_icl_set_uuid(struct tb *tb)
> {
> struct tb_nhi *nhi = tb->nhi;
> u32 uuid[4];
> @@ -1654,6 +1654,10 @@ static void icm_icl_set_uuid(struct tb *tb)
> uuid[3] = 0xffffffff;
>
> tb->root_switch->uuid = kmemdup(uuid, sizeof(uuid), GFP_KERNEL);
> + if (!tb->root_switch->uuid)
> + return -ENOMEM;
> +
> + return 0;
> }
>
> static void
> @@ -1739,6 +1743,11 @@ static void icm_handle_event(struct tb *tb, enum tb_cfg_pkg_type type,
>
> INIT_WORK(&n->work, icm_handle_notification);
> n->pkg = kmemdup(buf, size, GFP_KERNEL);
> + if (!n->pkg) {
> + kfree(n);
> + return;
> + }
> +
> n->tb = tb;
>
> queue_work(tb->wq, &n->work);
> @@ -2152,8 +2161,11 @@ static int icm_start(struct tb *tb)
> tb->root_switch->no_nvm_upgrade = !icm->can_upgrade_nvm;
> tb->root_switch->rpm = icm->rpm;
>
> - if (icm->set_uuid)
> - icm->set_uuid(tb);
> + if (icm->set_uuid) {
> + ret = icm->set_uuid(tb);
> + if (ret)
> + return ret;
> + }
>
> ret = tb_switch_add(tb->root_switch);
> if (ret) {
> --
> 2.25.1
Powered by blists - more mailing lists