lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220107115000.4057454-1-jiasheng@iscas.ac.cn>
Date:   Fri,  7 Jan 2022 19:50:00 +0800
From:   Jiasheng Jiang <jiasheng@...as.ac.cn>
To:     David.Laight@...LAB.COM, damien.lemoal@...nsource.wdc.com,
        davem@...emloft.net
Cc:     linux-ide@...r.kernel.org, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org, Jiasheng Jiang <jiasheng@...as.ac.cn>
Subject: [PATCH v3] ide: Check for null pointer after calling devm_ioremap

In linux-stable-5.15.13, this file has been removed and combined
to `drivers/ata/pata_platform.c` without this bug.
But in the older LTS kernels, like 5.10.90, this bug still exists.
As the possible failure of the devres_alloc(), the devm_ioremap() and
devm_ioport_map() may return NULL pointer.
And then, the 'base' and 'alt_base' are used in plat_ide_setup_ports().
Therefore, it should be better to add the check in order to avoid the
dereference of the NULL pointer.
Actually, it introduced the bug from commit 8cb1f567f4c0
("ide: Platform IDE driver") and we can know from the commit message
that it tended to be similar to the `drivers/ata/pata_platform.c`.
But actually, even the first time pata_platform was built,
commit a20c9e820864 ("[PATCH] ata: Generic platform_device libata driver"),
there was no the bug, as there was a check after the ioremap().
So possibly the bug was caused by ide itself.

Fixes: 8cb1f567f4c0 ("ide: Platform IDE driver")
Cc: stable@...r.kernel.org#5.10.90
Signed-off-by: Jiasheng Jiang <jiasheng@...as.ac.cn>
---
Changelog

v2 -> v3

* Change 1. Correct the fixes tag and commit message.
* Change 2. Correct the code.
---
 drivers/ide/ide_platform.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/ide/ide_platform.c b/drivers/ide/ide_platform.c
index 91639fd6c276..5500c5afb3ca 100644
--- a/drivers/ide/ide_platform.c
+++ b/drivers/ide/ide_platform.c
@@ -85,6 +85,10 @@ static int plat_ide_probe(struct platform_device *pdev)
 		alt_base = devm_ioport_map(&pdev->dev,
 			res_alt->start, resource_size(res_alt));
 	}
+	if (!base || !alt_base) {
+		ret = -ENOMEM;
+		goto out;
+	}
 
 	memset(&hw, 0, sizeof(hw));
 	plat_ide_setup_ports(&hw, base, alt_base, pdata, res_irq->start);
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ