| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <011a01da5016$e23f41f0$a6bdc5d0$@samsung.com>
Date: Fri, 26 Jan 2024 14:16:57 +0900
From: "Seunghui Lee" <sh043.lee@...sung.com>
To: "'Greg KH'" <gregkh@...uxfoundation.org>
Cc: <linux-mmc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<ulf.hansson@...aro.org>, <avri.altman@....com>, <grant.jung@...sung.com>,
<jt77.jang@...sung.com>, <dh0421.hwang@...sung.com>,
<junwoo80.lee@...sung.com>, <jangsub.yi@...sung.com>,
<cw9316.lee@...sung.com>, <sh8267.baek@...sung.com>, <wkon.kim@...sung.com>
Subject: RE: [PATCH] mmc: core: Fix null pointer dereference in bus_shutdown
> -----Original Message-----
> From: Greg KH <gregkh@...uxfoundation.org>
> Sent: Friday, January 19, 2024 5:21 PM
> To: Seunghui Lee <sh043.lee@...sung.com>
> Cc: linux-mmc@...r.kernel.org; linux-kernel@...r.kernel.org;
> ulf.hansson@...aro.org; avri.altman@....com; grant.jung@...sung.com;
> jt77.jang@...sung.com; dh0421.hwang@...sung.com; junwoo80.lee@...sung.com;
> jangsub.yi@...sung.com; cw9316.lee@...sung.com; sh8267.baek@...sung.com;
> wkon.kim@...sung.com
> Subject: Re: [PATCH] mmc: core: Fix null pointer dereference in
> bus_shutdown
>
> On Fri, Jan 19, 2024 at 04:32:47PM +0900, Seunghui Lee wrote:
> > When shutting down removable device,
> > it can be occurred null pointer dereference.
>
> How?
>
> And please wrap your lines properly.
>
> > To prevent null pointer dereference,
> > At first, check null pointer.
> > Next, block rescan worker to scan removable device during shutdown.
>
> Why do two things?
>
> >
> > Signed-off-by: Seunghui Lee <sh043.lee@...sung.com>
> > ---
> > drivers/mmc/core/bus.c | 10 +++++++++-
> > 1 file changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/mmc/core/bus.c b/drivers/mmc/core/bus.c index
> > 0af96548e7da..4f370a6577aa 100644
> > --- a/drivers/mmc/core/bus.c
> > +++ b/drivers/mmc/core/bus.c
> > @@ -143,9 +143,17 @@ static void mmc_bus_shutdown(struct device *dev)
> > {
> > struct mmc_driver *drv = to_mmc_driver(dev->driver);
> > struct mmc_card *card = mmc_dev_to_card(dev);
> > - struct mmc_host *host = card->host;
> > + struct mmc_host *host;
> > int ret;
> >
> > + if (!drv || !card) {
> > + pr_debug("%s: drv or card is NULL.\n", dev_name(dev));
>
> What is this going to help with? And why not use dev_dbg()?
>
> How can drv ever be NULL? That looks impossible to me based on just the
> code shown here.
>
> > + return;
> > + }
> > +
> > + host = card->host;
>
> Why is this change needed? This line can go back to the top just fine,
> right?
>
> > + host->rescan_disable = 1;
>
> Shouldn't this be a separate change? And what happens if the check for
> this is right before you set it? Where is the locking to prevent the
> issue you are attempting to solve?
>
> thanks,
>
> greg k-h
I've checked the issue again.
This patch is not the proper solution.
I'll reject this patch.
Hi, Thank you for your comment.
Powered by blists - more mailing lists