lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ab04ebea-235b-e3ec-5982-e1f7907bcc64@linux.intel.com>
Date: Tue, 2 Apr 2024 15:36:21 +0300 (EEST)
From: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To: Maxim Korotkov <korotkov.maxim.s@...il.com>
cc: Armin Wolf <W_Armin@....de>, Kenneth Chan <kenneth.t.chan@...il.com>, 
    Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>, 
    Len Brown <len.brown@...el.com>, 
    Henrique de Moraes Holschuh <hmh@....eng.br>, 
    Harald Welte <laforge@...monks.org>, Matthew Garrett <mjg@...hat.com>, 
    Ivan Kapranov <i.kapranov@...uritycode.ru>, lvc-project@...uxtesting.org, 
    platform-driver-x86@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] platform/x86: panasonic-laptop: fix NULL dereference

On Fri, 29 Mar 2024, Maxim Korotkov wrote:
> On 29.03.2024 03:21, Armin Wolf wrote:
> > > Added a pointer check to ensure that it is valid
> > > before using it for pcc initialization.
> > 
> > is this check even needed? I think the ACPI driver core takes care
> > of passing a valid ACPI device pointer to acpi_pcc_hotkey_remove().
> 
> I proceeded from the assumption that the current check was not redundant.
> Kuppuswamy correctly noted in the message that the device would most likely be
> valid for the function of removal.
> 
> However, in my opinion, checking for NULL is a good coding practice, and has
> now been implemented incorrectly in this case.
> 
> Eliminating NULL checks could potentially cause bugs in this context.

Hi,

If you're going to be submitting patches based on some automated tool 
which finds "bugs" in kernel, you need to be ready to go through the hoops 
of the review process and not just assume the patches are good as is.

We do not do pointless NULL checks in the kernel, this is not a matter of 
opinion. If there are unnecessary NULL checks, they should to be 
eventually removed (and definitely not used as an excuse to add more).

If the NULL check is not required as was implied to you by the reviewers, 
the correct response is to go check that the what the reviewers pointed 
out is true and _adapt_ the patch based on that. Then send a v2 of the 
patch. It how the kernel development process works. You might sometimes 
find the reviewers are wrong too, if that happens you can come back and 
point out why the patch is correct.

Either removing that check adds a bug or it doesn't. Not "potentially" 
which is just an excuse for not wanting to figure it out from the code.
It takes time and significant effort, I know, but spending time is 
required if you want to participate in the kernel development.

-- 
 i.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ