lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240426224746.GA611050@bhelgaas>
Date: Fri, 26 Apr 2024 17:47:46 -0500
From: Bjorn Helgaas <helgaas@...nel.org>
To: Alexander Lobakin <aleksander.lobakin@...el.com>
Cc: Aleksandr Mishin <amishin@...rgos.ru>, Rob Herring <robh@...nel.org>,
	Lorenzo Pieralisi <lpieralisi@...nel.org>,
	Krzysztof Wilczyński <kw@...ux.com>,
	Bjorn Helgaas <bhelgaas@...gle.com>,
	Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>,
	Uwe Kleine-König <u.kleine-koenig@...gutronix.de>,
	Serge Semin <fancer.lancer@...il.com>,
	Niklas Cassel <cassel@...nel.org>,
	Yoshihiro Shimoda <yoshihiro.shimoda.uh@...esas.com>,
	Damien Le Moal <dlemoal@...nel.org>,
	Siddharth Vadapalli <s-vadapalli@...com>, linux-pci@...r.kernel.org,
	linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH v2] PCI: dwc: keystone: Fix potential NULL dereference

On Thu, Apr 25, 2024 at 03:00:14PM +0200, Alexander Lobakin wrote:
> From: Aleksandr Mishin <amishin@...rgos.ru>
> Date: Thu, 25 Apr 2024 12:21:35 +0300
> 
> > In ks_pcie_setup_rc_app_regs() resource_list_first_type() may return
> > NULL which is later dereferenced. Fix this bug by adding NULL check.
> > 
> > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Please stop spamming with "potential fixes" made mechanically from
> static analyzer reports without looking into the code flow. These
> patches are mostly incorrect and may hurt.
> Either have a stable repro and then fix the real bug or don't touch
> anything at all.

Did you look at the actual patch?  I'm not a keystone expert, but this
patch looks reasonable to me.

It might still be the case that we're guaranteed to have an
IORESOURCE_MEM window by other code, but it looks like a real hassle
to prove that.

> > Fixes: 0f71c60ffd26 ("PCI: dwc: Remove storing of PCI resources")
> > Signed-off-by: Aleksandr Mishin <amishin@...rgos.ru>
> 
> Thanks,
> Olek

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ