Message-ID: <dc6d8995-3e7c-4459-b82c-8ba402fdc094@intel.com>
Date: Wed, 10 Jul 2024 14:41:08 +0300
From: Adrian Hunter <adrian.hunter@...el.com>
To: Ma Ke <make24@...as.ac.cn>, ulf.hansson@...aro.org,
 thomas.petazzoni@...e-electrons.com
Cc: linux-mmc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] mmc: sdhci-pxav3: Fix potential NULL dereference in
 sdhci_pxav3_probe

On 10/07/24 13:59, Ma Ke wrote:
> In sdhci_pxav3_probe(), mv_mbus_dram_info() returns NULL if
> CONFIG_PLAT_ORION macro is not defined[1]. Fix this bug by adding NULL 
> check.

As was commented last time, there already is a NULL check in
mv_conf_mbus_windows(). Another check is not necessary.

> 
> Fixes: aa8165f91442 ("mmc: sdhci-pxav3: do the mbus window configuration after enabling clocks")
> Signed-off-by: Ma Ke <make24@...as.ac.cn>
> ---
> Changes in v2:
> - refined the vulnerability description;

Referencing a link not actually in the commit message

> - provided similar vulnerability's reference link[2].

Not the same because in that case dram was dereferenced
without checking first.

> Reference link:
> [1] https://github.com/torvalds/linux/blob/34afb82a3c67f869267a26f593b6f8fc6bf35905/include/linux/mbus.h#L65
> [2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d48d0c5fd733bd6d8d3ddb2ed553777ab4724169
> ---
>  drivers/mmc/host/sdhci-pxav3.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/mmc/host/sdhci-pxav3.c b/drivers/mmc/host/sdhci-pxav3.c
> index 3af43ac05825..ac89cb2eb9f6 100644
> --- a/drivers/mmc/host/sdhci-pxav3.c
> +++ b/drivers/mmc/host/sdhci-pxav3.c
> @@ -375,6 +375,7 @@ static int sdhci_pxav3_probe(struct platform_device *pdev)
>  	struct sdhci_host *host = NULL;
>  	struct sdhci_pxa *pxa = NULL;
>  	const struct of_device_id *match;
> +	const struct mbus_dram_target_info *dram;
>  	int ret;
>  
>  	host = sdhci_pltfm_init(pdev, &sdhci_pxav3_pdata, sizeof(*pxa));
> @@ -406,7 +407,12 @@ static int sdhci_pxav3_probe(struct platform_device *pdev)
>  		ret = armada_38x_quirks(pdev, host);
>  		if (ret < 0)
>  			goto err_mbus_win;
> -		ret = mv_conf_mbus_windows(pdev, mv_mbus_dram_info());
> +		dram = mv_mbus_dram_info();
> +		if (!dram) {
> +			ret = 0;
> +			goto err_mbus_win;
> +		}
> +		ret = mv_conf_mbus_windows(pdev, dram);
>  		if (ret < 0)
>  			goto err_mbus_win;
>  	}
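
Review bot: In the new `if (!dram)` branch, `ret = 0; goto err_mbus_win;` sends a success code through the label that the neighbouring `ret < 0` checks use as their error exit. If that label unwinds the host set up by sdhci_pltfm_init() (its body is not visible in this hunk), probe would report success for a device that has just been torn down. If missing DRAM info is meant to be harmless, skip the window configuration and let probe continue rather than jumping to the error label; if it is meant to be fatal, set a negative errno before the goto. The commit message should also name the path on which the NULL pointer is actually dereferenced, since the reply above points out that mv_conf_mbus_windows() already checks its argument.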

