lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 12 Jan 2022 13:13:10 +0000
From:   Pawel Laszczak <pawell@...ence.com>
To:     Peter Chen <peter.chen@...nel.org>
CC:     "a-govindraju@...com" <a-govindraju@...com>,
        "frank.li@....com" <frank.li@....com>,
        "rogerq@...nel.org" <rogerq@...nel.org>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: RE: [PATCH] usb: cdnsp: Fix segmentation fault in cdns_lost_power
 function

>
>On 22-01-11 10:07:37, Pawel Laszczak wrote:
>> From: Pawel Laszczak <pawell@...ence.com>
>>
>> CDNSP driver read not initialized cdns->otg_v0_regs
>> which lead to segmentation fault. Patch fixes this issue.
>>
>> Fixes: 2cf2581cd229 ("usb: cdns3: add power lost support for system resume")
>> cc: <stable@...r.kernel.org>
>> Signed-off-by: Pawel Laszczak <pawell@...ence.com>
>> ---
>>  drivers/usb/cdns3/drd.c | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/usb/cdns3/drd.c b/drivers/usb/cdns3/drd.c
>> index 55c73b1d8704..d00ff98dffab 100644
>> --- a/drivers/usb/cdns3/drd.c
>> +++ b/drivers/usb/cdns3/drd.c
>> @@ -483,11 +483,11 @@ int cdns_drd_exit(struct cdns *cdns)
>>  /* Indicate the cdns3 core was power lost before */
>>  bool cdns_power_is_lost(struct cdns *cdns)
>>  {
>> -	if (cdns->version == CDNS3_CONTROLLER_V1) {
>> -		if (!(readl(&cdns->otg_v1_regs->simulate) & BIT(0)))
>> +	if (cdns->version == CDNS3_CONTROLLER_V0) {
>> +		if (!(readl(&cdns->otg_v0_regs->simulate) & BIT(0)))
>>  			return true;
>>  	} else {
>> -		if (!(readl(&cdns->otg_v0_regs->simulate) & BIT(0)))
>> +		if (!(readl(&cdns->otg_v1_regs->simulate) & BIT(0)))
>>  			return true;
>>  	}
>>  	return false;
>> --
>
>Pawel, may this lead cdns driver segment fault?
>

Yes, we can observe such situation for CDNSP driver on simulation. 
As you know, it is a common code and driver support two version  of register map for DRD.

If cdns->version  == CDNSP_CONTROLLER_V2 (for CNDSP) the cdns->otg_v0_regs is NULL.
It will cause segmentation fault. 

I didn't analyze why this issue was not observed on my FPGA testing board.

Regards,

Pawel Laszczak

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ