| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZsY9k72i0h4pciEz@hu-bjorande-lv.qualcomm.com>
Date: Wed, 21 Aug 2024 12:18:43 -0700
From: Bjorn Andersson <quic_bjorande@...cinc.com>
To: Simon Horman <horms@...nel.org>
CC: Ma Ke <make24@...as.ac.cn>, <vkoul@...nel.org>,
<alexandre.torgue@...s.st.com>, <joabreu@...opsys.com>,
<davem@...emloft.net>, <edumazet@...gle.com>, <kuba@...nel.org>,
<pabeni@...hat.com>, <mcoquelin.stm32@...il.com>,
<niklas.cassel@...aro.org>, <netdev@...r.kernel.org>,
<linux-arm-msm@...r.kernel.org>,
<linux-stm32@...md-mailman.stormreply.com>,
<linux-arm-kernel@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
<stable@...r.kernel.org>
Subject: Re: [PATCH] net: stmmac: Check NULL ptr on lvts_data in
qcom_ethqos_probe()
On Wed, Aug 21, 2024 at 06:37:30PM +0100, Simon Horman wrote:
> On Wed, Aug 21, 2024 at 09:19:49PM +0800, Ma Ke wrote:
> > of_device_get_match_data() can return NULL if of_match_device failed, and
> > the pointer 'data' was dereferenced without checking against NULL. Add
> > checking of pointer 'data' in qcom_ethqos_probe().
> >
> > Cc: stable@...r.kernel.org
> > Fixes: a7c30e62d4b8 ("net: stmmac: Add driver for Qualcomm ethqos")
> > Signed-off-by: Ma Ke <make24@...as.ac.cn>
>
> Hi Ma Ke,
>
> There is probably no need to repost just because of this.
> But as a fix for Networking code it should be targeted at the net tree.
>
> Subject: [PATCH net] ...
>
> > ---
> > drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c
> > index 901a3c1959fa..f18393fe58a4 100644
> > --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c
> > +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c
> > @@ -838,6 +838,9 @@ static int qcom_ethqos_probe(struct platform_device *pdev)
> > ethqos->mac_base = stmmac_res.addr;
> >
> > data = of_device_get_match_data(dev);
> > + if (!data)
> > + return -ENODEV;
> > +
>
> In this function dev_err_probe() is used, I assume in cases
> where a function that returns an error does not emit any logs.
>
> For consistency, perhaps that is appropriate here too?
>
Unless I'm missing something here this function can only ever be invoked
by a match against one of the entries in qcom_ethqos_match[], which all
of them have a non-NULL data pointer.
As such, if we somehow arrive here with data of NULL, the NULL pointer
dereference on the next line will provide a welcome large splat and a
callstack indicating that we have a problem.
If there's some use case I'm missing, I would prefer if this was
documented in the commit message.
Regards,
Bjorn
> > ethqos->por = data->por;
> > ethqos->num_por = data->num_por;
> > ethqos->rgmii_config_loopback_en = data->rgmii_config_loopback_en;
> > --
> > 2.25.1
Powered by blists - more mailing lists