lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 26 Jan 2024 14:16:57 +0900
From: "Seunghui Lee" <sh043.lee@...sung.com>
To: "'Greg KH'" <gregkh@...uxfoundation.org>
Cc: <linux-mmc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<ulf.hansson@...aro.org>, <avri.altman@....com>, <grant.jung@...sung.com>,
	<jt77.jang@...sung.com>, <dh0421.hwang@...sung.com>,
	<junwoo80.lee@...sung.com>, <jangsub.yi@...sung.com>,
	<cw9316.lee@...sung.com>, <sh8267.baek@...sung.com>, <wkon.kim@...sung.com>
Subject: RE: [PATCH] mmc: core: Fix null pointer dereference in bus_shutdown

> -----Original Message-----
> From: Greg KH <gregkh@...uxfoundation.org>
> Sent: Friday, January 19, 2024 5:21 PM
> To: Seunghui Lee <sh043.lee@...sung.com>
> Cc: linux-mmc@...r.kernel.org; linux-kernel@...r.kernel.org;
> ulf.hansson@...aro.org; avri.altman@....com; grant.jung@...sung.com;
> jt77.jang@...sung.com; dh0421.hwang@...sung.com; junwoo80.lee@...sung.com;
> jangsub.yi@...sung.com; cw9316.lee@...sung.com; sh8267.baek@...sung.com;
> wkon.kim@...sung.com
> Subject: Re: [PATCH] mmc: core: Fix null pointer dereference in
> bus_shutdown
> 
> On Fri, Jan 19, 2024 at 04:32:47PM +0900, Seunghui Lee wrote:
> > When shutting down removable device,
> > it can be occurred null pointer dereference.
> 
> How?
> 
> And please wrap your lines properly.
> 
> > To prevent null pointer dereference,
> > At first, check null pointer.
> > Next, block rescan worker to scan removable device during shutdown.
> 
> Why do two things?
> 
> >
> > Signed-off-by: Seunghui Lee <sh043.lee@...sung.com>
> > ---
> >  drivers/mmc/core/bus.c | 10 +++++++++-
> >  1 file changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/mmc/core/bus.c b/drivers/mmc/core/bus.c index
> > 0af96548e7da..4f370a6577aa 100644
> > --- a/drivers/mmc/core/bus.c
> > +++ b/drivers/mmc/core/bus.c
> > @@ -143,9 +143,17 @@ static void mmc_bus_shutdown(struct device *dev)
> > {
> >  	struct mmc_driver *drv = to_mmc_driver(dev->driver);
> >  	struct mmc_card *card = mmc_dev_to_card(dev);
> > -	struct mmc_host *host = card->host;
> > +	struct mmc_host *host;
> >  	int ret;
> >
> > +	if (!drv || !card) {
> > +		pr_debug("%s: drv or card is NULL.\n", dev_name(dev));
> 
> What is this going to help with?  And why not use dev_dbg()?
> 
> How can drv ever be NULL?  That looks impossible to me based on just the
> code shown here.
> 
> > +		return;
> > +	}
> > +
> > +	host = card->host;
> 
> Why is this change needed?  This line can go back to the top just fine,
> right?
> 
> > +	host->rescan_disable = 1;
> 
> Shouldn't this be a separate change?  And what happens if the check for
> this is right before you set it?  Where is the locking to prevent the
> issue you are attempting to solve?
> 
> thanks,
> 
> greg k-h

I've checked the issue again.
This patch is not the proper solution.
I'll reject this patch.
Hi, Thank you for your comment.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ