lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 21 Apr 2024 11:30:17 +0200
From: "Christian A. Ehrhardt" <lk@...e.de>
To: Jameson Thies <jthies@...gle.com>
Cc: heikki.krogerus@...ux.intel.com, linux-usb@...r.kernel.org,
	pmalani@...omium.org, bleung@...gle.com,
	abhishekpandit@...omium.org, andersson@...nel.org,
	dmitry.baryshkov@...aro.org, fabrice.gasnier@...s.st.com,
	gregkh@...uxfoundation.org, hdegoede@...hat.com,
	neil.armstrong@...aro.org, rajaram.regupathy@...el.com,
	saranya.gopal@...el.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 1/4] usb: typec: ucsi: Fix null deref in trace


Hi Jameson,

On Fri, Apr 19, 2024 at 09:16:47PM +0000, Jameson Thies wrote:
> From: Abhishek Pandit-Subedi <abhishekpandit@...omium.org>
> 
> ucsi_register_altmode checks IS_ERR on returned pointer and treats
> NULL as valid. This results in a null deref when
> trace_ucsi_register_altmode is called.
> 
> Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@...omium.org>
> ---
>  drivers/usb/typec/ucsi/ucsi.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h
> index c4d103db9d0f8..c663dce0659ee 100644
> --- a/drivers/usb/typec/ucsi/ucsi.h
> +++ b/drivers/usb/typec/ucsi/ucsi.h
> @@ -496,7 +496,7 @@ ucsi_register_displayport(struct ucsi_connector *con,
>  			  bool override, int offset,
>  			  struct typec_altmode_desc *desc)
>  {
> -	return NULL;
> +	return ERR_PTR(-EOPNOTSUPP);
>  }

Hm. This does not look correct to me. Ignoring trace the old code
would have returned success if displayport is not compiled in and
all altmodes (except for display port) would be registered.

With your code ucsi_register_altmodes will always fail and abort
altmode registration if it finds a displayport altmode and
CONFIG_TYPEC_DP_ALTMODE is not set. I don't think this is what we want.

Maybe it is better to guard the trace call with an if?

Am I missing something?

Best regards,
Christian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ