| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d2a4a91d-1b8a-4136-af30-50eb693423df@linaro.org>
Date: Thu, 11 Apr 2024 10:49:03 +0100
From: Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To: Viken Dadhaniya <quic_vdadhani@...cinc.com>, andersson@...nel.org,
konrad.dybcio@...aro.org, linux-arm-msm@...r.kernel.org,
alsa-devel@...a-project.org, linux-kernel@...r.kernel.org
Cc: quic_msavaliy@...cinc.com, quic_vtanuku@...cinc.com,
quic_anupkulk@...cinc.com, quic_cchiluve@...cinc.com
Subject: Re: [PATCH v1 RESEND] slimbus: stream: Add null pointer check for
client functions
Thanks Viken for the patch,
On 27/03/2024 08:32, Viken Dadhaniya wrote:
> There is a possible scenario where client driver is calling
> slimbus stream APIs in incorrect sequence and it might lead to
> invalid null access of the stream pointer in slimbus
> enable/disable/prepare/unprepare/free function.
>
> Fix this by checking validity of the stream before accessing in
> all function API’s exposed to client.
>
> Signed-off-by: Viken Dadhaniya <quic_vdadhani@...cinc.com>
> ---
> drivers/slimbus/stream.c | 37 +++++++++++++++++++++++++++++++++----
> 1 file changed, 33 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/slimbus/stream.c b/drivers/slimbus/stream.c
> index 1d6b38657917..c5a436fd0952 100644
> --- a/drivers/slimbus/stream.c
> +++ b/drivers/slimbus/stream.c
> @@ -202,10 +202,16 @@ static int slim_get_prate_code(int rate)
> int slim_stream_prepare(struct slim_stream_runtime *rt,
> struct slim_stream_config *cfg)
> {
> - struct slim_controller *ctrl = rt->dev->ctrl;
> + struct slim_controller *ctrl;
> struct slim_port *port;
> int num_ports, i, port_id, prrate;
>
> + if (!rt || !cfg) {
> + pr_err("%s: Stream or cfg is NULL, Check from client side\n", __func__);
Please use dev_err where possible
--srini
> + return -EINVAL;
> + }
> +
> + ctrl = rt->dev->ctrl;
> if (rt->ports) {
> dev_err(&rt->dev->dev, "Stream already Prepared\n");
> return -EINVAL;
> @@ -358,9 +364,15 @@ int slim_stream_enable(struct slim_stream_runtime *stream)
> {
> DEFINE_SLIM_BCAST_TXN(txn, SLIM_MSG_MC_BEGIN_RECONFIGURATION,
> 3, SLIM_LA_MANAGER, NULL);
> - struct slim_controller *ctrl = stream->dev->ctrl;
> + struct slim_controller *ctrl;
> int ret, i;
>
> + if (!stream) {
> + pr_err("%s: Stream is NULL, Check from client side\n", __func__);
> + return -EINVAL;
> + }
> +
> + ctrl = stream->dev->ctrl;
> if (ctrl->enable_stream) {
> ret = ctrl->enable_stream(stream);
> if (ret)
> @@ -411,12 +423,18 @@ int slim_stream_disable(struct slim_stream_runtime *stream)
> {
> DEFINE_SLIM_BCAST_TXN(txn, SLIM_MSG_MC_BEGIN_RECONFIGURATION,
> 3, SLIM_LA_MANAGER, NULL);
> - struct slim_controller *ctrl = stream->dev->ctrl;
> + struct slim_controller *ctrl;
> int ret, i;
>
> + if (!stream) {
> + pr_err("%s: Stream is NULL, Check from client side\n", __func__);
> + return -EINVAL;
> + }
> +
> if (!stream->ports || !stream->num_ports)
> return -EINVAL;
>
> + ctrl = stream->dev->ctrl;
> if (ctrl->disable_stream)
> ctrl->disable_stream(stream);
>
> @@ -448,6 +466,11 @@ int slim_stream_unprepare(struct slim_stream_runtime *stream)
> {
> int i;
>
> + if (!stream) {
> + pr_err("%s: Stream is NULL, Check from client side\n", __func__);
> + return -EINVAL;
> + }
> +
> if (!stream->ports || !stream->num_ports)
> return -EINVAL;
>
> @@ -476,8 +499,14 @@ EXPORT_SYMBOL_GPL(slim_stream_unprepare);
> */
> int slim_stream_free(struct slim_stream_runtime *stream)
> {
> - struct slim_device *sdev = stream->dev;
> + struct slim_device *sdev;
> +
> + if (!stream) {
> + pr_err("%s: Stream is NULL, Check from client side\n", __func__);
> + return -EINVAL;
> + }
>
> + sdev = stream->dev;
> spin_lock(&sdev->stream_list_lock);
> list_del(&stream->node);
> spin_unlock(&sdev->stream_list_lock);
Powered by blists - more mailing lists