Message-ID: <CANFp7mVGYhMYXdCGEJQ9GoqB-kpk4UquUWEcvqVnRFMrih+R9Q@mail.gmail.com>
Date: Wed, 24 Apr 2024 17:00:24 -0700
From: Abhishek Pandit-Subedi <abhishekpandit@...omium.org>
To: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
Cc: Jameson Thies <jthies@...gle.com>, heikki.krogerus@...ux.intel.com, 
	linux-usb@...r.kernel.org, pmalani@...omium.org, bleung@...gle.com, 
	andersson@...nel.org, fabrice.gasnier@...s.st.com, gregkh@...uxfoundation.org, 
	hdegoede@...hat.com, neil.armstrong@...aro.org, rajaram.regupathy@...el.com, 
	saranya.gopal@...el.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/4] usb: typec: ucsi: Fix null deref in trace

On Tue, Apr 23, 2024 at 7:06 PM Dmitry Baryshkov
<dmitry.baryshkov@...aro.org> wrote:
>
> On Wed, 24 Apr 2024 at 04:48, Jameson Thies <jthies@...gle.com> wrote:
> >
> > From: Abhishek Pandit-Subedi <abhishekpandit@...omium.org>
> >
> > ucsi_register_altmode checks IS_ERR on returned pointer and treats
> > NULL as valid. This results in a null deref when
> > trace_ucsi_register_altmode is called. Return an error from
> > ucsi_register_displayport when it is not supported and register the
> > altmode with typec_port_register_altmode.
> >
> > Reviewed-by: Jameson Thies <jthies@...gle.com>
> > Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@...omium.org>
> > ---
> > Changes in V2:
> > - Checks for error response from ucsi_register_displayport when
> > registering DisplayPort alternate mode.
> >
> >  drivers/usb/typec/ucsi/ucsi.c | 3 +++
> >  drivers/usb/typec/ucsi/ucsi.h | 2 +-
> >  2 files changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c
> > index cb52e7b0a2c5c..f3b413f94fd28 100644
> > --- a/drivers/usb/typec/ucsi/ucsi.c
> > +++ b/drivers/usb/typec/ucsi/ucsi.c
> > @@ -361,6 +361,9 @@ static int ucsi_register_altmode(struct ucsi_connector *con,
> >                 switch (desc->svid) {
> >                 case USB_TYPEC_DP_SID:
> >                         alt = ucsi_register_displayport(con, override, i, desc);
> > +                       if (IS_ERR(alt) && PTR_ERR(alt) == -EOPNOTSUPP)
>
> This makes it ignore EOPNOTSUPP if it is returned by the non-stub
> implementation. I think the current state is actually better than the
> implementation found in this patch. I'd suggest adding a comment to
> ucsi_register_displayport() stub instead.

So originally on my system, I didn't have the displayport driver
config enabled. My expectation was that the alt-mode would show up but
would not be controllable (like all other alt-modes without drivers).
What ends up happening is that no alt-mode shows up and trying to
enable the trace crashes.

When the displayport support isn't there, I think it should just be
enumerated as a normal, unsupported alt-mode.



>
> > +                               alt = typec_port_register_altmode(con->port, desc);
> > +
> >                         break;
> >                 case USB_TYPEC_NVIDIA_VLINK_SID:
> >                         if (desc->vdo == USB_TYPEC_NVIDIA_VLINK_DBG_VDO)
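
Review bot: in the USB_TYPEC_DP_SID case, the test `IS_ERR(alt) && PTR_ERR(alt) == -EOPNOTSUPP` matches any -EOPNOTSUPP, so if the non-stub ucsi_register_displayport() ever returns that code the fallback to typec_port_register_altmode() also runs and the original failure is lost. If the fallback is meant only for the stub, make that explicit, either by selecting the registration call at build time or by adding a comment on this check stating that -EOPNOTSUPP is reserved for the stub. The blank line added before `break;` can also be dropped.
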
> > diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h
> > index c4d103db9d0f8..c663dce0659ee 100644
> > --- a/drivers/usb/typec/ucsi/ucsi.h
> > +++ b/drivers/usb/typec/ucsi/ucsi.h
> > @@ -496,7 +496,7 @@ ucsi_register_displayport(struct ucsi_connector *con,
> >                           bool override, int offset,
> >                           struct typec_altmode_desc *desc)
> >  {
> > -       return NULL;
> > +       return ERR_PTR(-EOPNOTSUPP);
> >  }
> >
> >  static inline void
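
Review bot: the stub's new `return ERR_PTR(-EOPNOTSUPP);` changes its contract from NULL to an error pointer, and nothing at the definition documents that. Add a short comment above the stub saying that -EOPNOTSUPP means DisplayPort alternate mode support is not available and that ucsi_register_altmode() reacts to it by registering the altmode with typec_port_register_altmode(), so the two files stay in step. Any other caller that tested the result against NULL would need the same update.
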
> > --
> > 2.44.0.769.g3c40516874-goog
> >
>
>
> --
> With best wishes
> Dmitry
