lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 3 Jun 2022 16:20:29 +0100
From:   Jonathan Cameron <jic23@...nel.org>
To:     Yongzhi Liu <lyz_cs@....edu.cn>
Cc:     agross@...nel.org, bjorn.andersson@...aro.org, lars@...afoo.de,
        svarbanov@...sol.com, iivanov@...sol.com,
        jonathan.cameron@...wei.com, linux-arm-msm@...r.kernel.org,
        linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org,
        fuyq@....pku.edu.cn
Subject: Re: [PATCH v4] iio: vadc: Fix potential dereference of NULL pointer

On Fri, 3 Jun 2022 16:02:22 +0100
Jonathan Cameron <jic23@...nel.org> wrote:

> On Sun, 22 May 2022 09:53:47 -0700
> Yongzhi Liu <lyz_cs@....edu.cn> wrote:
> 
> > The return value of vadc_get_channel() needs to be checked to
> > avoid use of NULL pointer. vadc_do_conversion() already provides
> > error prints in at least some of it's error paths. Thus it is
> > reasonable to add the null pointer check on prop and drop the
> > extra reporting in vadc_measure_ref_points().
> > 
> > Signed-off-by: Yongzhi Liu <lyz_cs@....edu.cn>  
> 
> Hi
> 
> Biggest remaining thing is squashing
> ret = -ENODEV;
> return ret;
> 
> into the shorter
> return -ENODEV;
> 
One additional process thing I didn't mention before now as this is a
single patch.

Generally for IIO at least, don't send new versions in reply to old threads.
The threads can get very deep and confusing, so I'd much rather a new thread
for each version.

Thanks,

Jonathan

> 
> > ---
> >  drivers/iio/adc/qcom-spmi-vadc.c | 38 ++++++++++++++++++++++++++++----------
> >  1 file changed, 28 insertions(+), 10 deletions(-)
> > 
> > diff --git a/drivers/iio/adc/qcom-spmi-vadc.c b/drivers/iio/adc/qcom-spmi-vadc.c
> > index 34202ba..43a52b1 100644
> > --- a/drivers/iio/adc/qcom-spmi-vadc.c
> > +++ b/drivers/iio/adc/qcom-spmi-vadc.c
> > @@ -358,22 +358,33 @@ static int vadc_measure_ref_points(struct vadc_priv *vadc)
> >  	vadc->graph[VADC_CALIB_ABSOLUTE].dx = VADC_ABSOLUTE_RANGE_UV;
> >  
> >  	prop = vadc_get_channel(vadc, VADC_REF_1250MV);
> > +	if (!prop) {
> > +		dev_err(vadc->dev, "Please define 1.25V channel\n");  
> Probably makes more sense to have the error as 
> "No 1.25V channel found\n");
> 
> It's not obvious to anyone getting this error what 'define' might mean
> without them looking at the code, so I'd rather we just said what had
> gone wrong rather offering incomplete advice.
> 
> > +		ret = -ENODEV;  
> 
> Don't bother assigning a variable just to return it in the next line.
> 
> return -ENODEV;
> 
> > +		return ret;
> > +	}
> >  	ret = vadc_do_conversion(vadc, prop, &read_1);
> >  	if (ret)
> > -		goto err;
> > +		return ret;
> >  
> >  	/* Try with buffered 625mV channel first */
> >  	prop = vadc_get_channel(vadc, VADC_SPARE1);
> > -	if (!prop)
> > +	if (!prop) {
> >  		prop = vadc_get_channel(vadc, VADC_REF_625MV);
> > +		if (!prop) {
> > +			dev_err(vadc->dev, "Please define 0.625V channel\n");  
> "No 0.625V channel found\n"
> > +			ret = -ENODEV;  
> 
> return -ENODEV;
> 
> > +			return ret;
> > +		}
> > +	}
> >  
> >  	ret = vadc_do_conversion(vadc, prop, &read_2);
> >  	if (ret)
> > -		goto err;
> > +		return ret;
> >  
> >  	if (read_1 == read_2) {
> >  		ret = -EINVAL;
> > -		goto err;
> > +		return ret;
> >  	}
> >  
> >  	vadc->graph[VADC_CALIB_ABSOLUTE].dy = read_1 - read_2;
> > @@ -381,25 +392,32 @@ static int vadc_measure_ref_points(struct vadc_priv *vadc)
> >  
> >  	/* Ratiometric calibration */
> >  	prop = vadc_get_channel(vadc, VADC_VDD_VADC);
> > +	if (!prop) {
> > +		dev_err(vadc->dev, "Please define VDD channel\n");  
> 
> "No VDD channel found\n"
> 
> > +		ret = -ENODEV;
> > +		return ret;
> > +	}
> >  	ret = vadc_do_conversion(vadc, prop, &read_1);
> >  	if (ret)
> > -		goto err;
> > +		return ret;
> >  
> >  	prop = vadc_get_channel(vadc, VADC_GND_REF);
> > +	if (!prop) {
> > +		dev_err(vadc->dev, "Please define GND channel\n");  
> 
> "No GND channel found\n"
> 
> > +		ret = -ENODEV;
> > +		return ret;  
> 
> return -ENODEV;
> 
> > +	}
> >  	ret = vadc_do_conversion(vadc, prop, &read_2);
> >  	if (ret)
> > -		goto err;
> > +		return ret;
> >  
> >  	if (read_1 == read_2) {
> >  		ret = -EINVAL;
> > -		goto err;
> > +		return ret;  
> 
> return -ENODEV;
> 
> >  	}
> >  
> >  	vadc->graph[VADC_CALIB_RATIOMETRIC].dy = read_1 - read_2;
> >  	vadc->graph[VADC_CALIB_RATIOMETRIC].gnd = read_2;
> > -err:
> > -	if (ret)
> > -		dev_err(vadc->dev, "measure reference points failed\n");
> >  
> >  	return ret;  
> 
> Can't get here with anything other than ret == 0 so
> 	return 0;
> to make that explicit.
> 
> 
> >  }  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ