lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <18f2a5b5-5cc2-6bea-ca08-5da218b3192b@linaro.org>
Date:   Mon, 17 Jul 2023 14:40:05 +0200
From:   Konrad Dybcio <konrad.dybcio@...aro.org>
To:     Johan Hovold <johan@...nel.org>
Cc:     Robert Foss <rfoss@...nel.org>, Todor Tomov <todor.too@...il.com>,
        Bryan O'Donoghue <bryan.odonoghue@...aro.org>,
        Andy Gross <agross@...nel.org>,
        Bjorn Andersson <andersson@...nel.org>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        Marijn Suijten <marijn.suijten@...ainline.org>,
        Yassine Oudjana <y.oudjana@...tonmail.com>,
        linux-media@...r.kernel.org, linux-arm-msm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] media: camss: Intepret OF graph connections more
 sensibly

On 17.07.2023 12:48, Johan Hovold wrote:
> On Sat, Jul 15, 2023 at 05:37:52PM +0200, Konrad Dybcio wrote:
>> Not all endpoints of camss have to be populated. In fact, most of the
>> time they shouldn't be as n-th auxilliary cameras are usually ewaste.
>>
>> Don't fail probing the entire camss even even one endpoint is not
>> linked and throw an error when none is found.
>>
>> Signed-off-by: Konrad Dybcio <konrad.dybcio@...aro.org>
>> ---
>> Changes in v2:
>> - Use if-else instead of the ternary operator (Bryan)
>> - Drop "RFC"
>> - Link to v1: https://lore.kernel.org/r/20230614-topic-camss_grpah-v1-1-5f4b516310fa@linaro.org
>> ---
>>  drivers/media/platform/qcom/camss/camss.c | 10 ++++++----
>>  1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c
>> index 1ef26aea3eae..8b75197fa5d7 100644
>> --- a/drivers/media/platform/qcom/camss/camss.c
>> +++ b/drivers/media/platform/qcom/camss/camss.c
>> @@ -1084,9 +1084,8 @@ static int camss_of_parse_ports(struct camss *camss)
>>  
>>  		remote = of_graph_get_remote_port_parent(node);
>>  		if (!remote) {
>> -			dev_err(dev, "Cannot get remote parent\n");
>> -			ret = -EINVAL;
>> -			goto err_cleanup;
>> +			of_node_put(node);
> 
> This is broken and could potentially lead to a use after free.
> 
> Specifically, the iteration macro already takes care of putting this
> reference.
/**
 * for_each_endpoint_of_node - iterate over every endpoint in a device node
 * @parent: parent device node containing ports and endpoints
 * @child: loop variable pointing to the current endpoint node
 *
 * When breaking out of the loop, of_node_put(child) has to be called manually.
 */

> 
>> +			continue;
>>  		}
>>  
>>  		csd = v4l2_async_nf_add_fwnode(&camss->notifier,
>> @@ -1105,7 +1104,10 @@ static int camss_of_parse_ports(struct camss *camss)
>>  		num_subdevs++;
>>  	}
>>  
>> -	return num_subdevs;
>> +	if (num_subdevs)
>> +		return num_subdevs;
>> +
>> +	return -EINVAL;
> 
> Please change this so that you test for the error condition rather than
> its inverse for symmetry. That is
> 
> 	if (!num_subdevs)
> 		return -EINVAL;
> 
> 	return num_subdevs;
Right, this makes more sense

Konrad
> 
> Returning EINVAL (invalid argument) is perhaps not the best choice, but
> the driver already does so here and in other places so keeping it for
> now should be fine.
> 
>>  err_cleanup:
>>  	of_node_put(node);
> 
> Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ