lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 19 Sep 2022 17:18:55 +0800
From:   kernel test robot <lkp@...el.com>
To:     Hyunwoo Kim <imv4bel@...il.com>, lkundrak@...sk
Cc:     llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org, imv4bel@...il.com, arnd@...db.de,
        gregkh@...uxfoundation.org, linux@...inikbrodowski.net
Subject: Re: [PATCH v3] char: pcmcia: scr24x_cs: Fix use-after-free in
 scr24x_fops

Hi Hyunwoo,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on char-misc/char-misc-testing]
[also build test WARNING on linus/master v6.0-rc6 next-20220916]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Hyunwoo-Kim/char-pcmcia-scr24x_cs-Fix-use-after-free-in-scr24x_fops/20220919-121035
base:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git ceecbbddbf549fe0b7ffa3804a6e255b3360030f
config: hexagon-randconfig-r041-20220919 (https://download.01.org/0day-ci/archive/20220919/202209191730.mhZmYKD3-lkp@intel.com/config)
compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project 791a7ae1ba3efd6bca96338e10ffde557ba83920)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/823ffd6f522e65ce9730fe5bc2ea59221adee881
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Hyunwoo-Kim/char-pcmcia-scr24x_cs-Fix-use-after-free-in-scr24x_fops/20220919-121035
        git checkout 823ffd6f522e65ce9730fe5bc2ea59221adee881
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=hexagon SHELL=/bin/bash drivers/char/pcmcia/

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

>> drivers/char/pcmcia/scr24x_cs.c:107:12: warning: variable 'dev' is uninitialized when used here [-Wuninitialized]
           kref_get(&dev->refcnt);
                     ^~~
   drivers/char/pcmcia/scr24x_cs.c:93:24: note: initialize the variable 'dev' to silence this warning
           struct scr24x_dev *dev;
                                 ^
                                  = NULL
   1 warning generated.


vim +/dev +107 drivers/char/pcmcia/scr24x_cs.c

f2ed287bcc9073 Lubomir Rintel 2016-10-25   90  
f2ed287bcc9073 Lubomir Rintel 2016-10-25   91  static int scr24x_open(struct inode *inode, struct file *filp)
f2ed287bcc9073 Lubomir Rintel 2016-10-25   92  {
823ffd6f522e65 Hyunwoo Kim    2022-09-18   93  	struct scr24x_dev *dev;
823ffd6f522e65 Hyunwoo Kim    2022-09-18   94  	struct pcmcia_device *link;
823ffd6f522e65 Hyunwoo Kim    2022-09-18   95  	int minor = iminor(inode);
823ffd6f522e65 Hyunwoo Kim    2022-09-18   96  
823ffd6f522e65 Hyunwoo Kim    2022-09-18   97  	if (minor >= SCR24X_DEVS)
823ffd6f522e65 Hyunwoo Kim    2022-09-18   98  		return -ENODEV;
823ffd6f522e65 Hyunwoo Kim    2022-09-18   99  
823ffd6f522e65 Hyunwoo Kim    2022-09-18  100  	mutex_lock(&remove_mutex);
823ffd6f522e65 Hyunwoo Kim    2022-09-18  101  	link = dev_table[minor];
823ffd6f522e65 Hyunwoo Kim    2022-09-18  102  	if (link == NULL) {
823ffd6f522e65 Hyunwoo Kim    2022-09-18  103  		mutex_unlock(&remove_mutex);
823ffd6f522e65 Hyunwoo Kim    2022-09-18  104  		return -ENODEV;
823ffd6f522e65 Hyunwoo Kim    2022-09-18  105  	}
f2ed287bcc9073 Lubomir Rintel 2016-10-25  106  
f2ed287bcc9073 Lubomir Rintel 2016-10-25 @107  	kref_get(&dev->refcnt);
f2ed287bcc9073 Lubomir Rintel 2016-10-25  108  	filp->private_data = dev;
823ffd6f522e65 Hyunwoo Kim    2022-09-18  109  	mutex_unlock(&remove_mutex);
f2ed287bcc9073 Lubomir Rintel 2016-10-25  110  
c5bf68fe0c86a5 Kirill Smelkov 2019-03-26  111  	return stream_open(inode, filp);
f2ed287bcc9073 Lubomir Rintel 2016-10-25  112  }
f2ed287bcc9073 Lubomir Rintel 2016-10-25  113  

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

Powered by blists - more mailing lists