| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Aug 2023 22:57:46 +0200
From: Borislav Petkov <bp@...en8.de>
To: "Colin King (gmail)" <colin.i.king@...il.com>
Cc: Michael Roth <michael.roth@....com>,
Brijesh Singh <brijesh.singh@....com>,
Borislav Petkov <bp@...e.de>, x86@...nel.org,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: potential null pointer dereference in setup_cpuid_table
On Thu, Jul 27, 2023 at 03:22:42PM +0100, Colin King (gmail) wrote:
> Hi,
>
> Static analysis with cppcheck found a potential null pointer dereference in
> function setup_cpuid_table in arch/x86/kernel/sev-shared.c as follows:
>
> if (!cc_info || !cc_info->cpuid_phys || cc_info->cpuid_len <
> PAGE_SIZE)
> sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID);
>
> cpuid_table_fw = (const struct snp_cpuid_table
> *)cc_info->cpuid_phys;
>
>
> cc_info is being null checked, so it's potentially null,
You mean, it is not null if the check passes?
> however, the assignment to cpuid_table_fw is dereferencing cc_info.
> Either cc_info is never null and the null check is redundant, or there
> is a potential null pointer dereference.
I'm not sure what you're asking. It is checked for !NULL in the if
clause.
Or are you missing the fact that sev_es_terminate() actually terminates
the guest so that if it is NULL, it won't ever be dereferenced?
Or am I missing something?
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists