lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CABnWg9uGR1yn9EsRaMjihksL76dwUv9vEi9eF=OCpzLfTvyYLg@mail.gmail.com>
Date: Wed, 9 Oct 2024 08:41:45 -0700
From: Guillaume Ranquet <granquet@...libre.com>
To: Liankun Yang <liankun.yang@...iatek.com>, chunkuang.hu@...nel.org, 
	p.zabel@...gutronix.de, airlied@...il.com, simona@...ll.ch, 
	matthias.bgg@...il.com, angelogioacchino.delregno@...labora.com, 
	rex-bc.chen@...iatek.com, msp@...libre.com, ck.hu@...iatek.com, 
	jitao.shi@...iatek.com, mac.shen@...iatek.com, peng.liu@...iatek.com
Cc: Project_Global_Chrome_Upstream_Group@...iatek.com, 
	dri-devel@...ts.freedesktop.org, linux-mediatek@...ts.infradead.org, 
	linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v2 1/1] drm/mediatek: Fix potential KP on 0 bytes nvmem
 cell read

On Fri, 27 Sep 2024 11:03, Liankun Yang <liankun.yang@...iatek.com> wrote:
>If the len is 0, kernel crash will occur when performing operations.
>Add the len check conditions to prevent kernel crash.
>
>Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver")
>Signed-off-by: Liankun Yang <liankun.yang@...iatek.com>
>---
>Changes in V2:
>- Fix the commit title.
>- Remove blank line between the Fixes and Signe-off-by.
>- Modify the judgment writing method.
>Per suggestion from the previous thread:
>https://patchwork.kernel.org/project/linux-mediatek/patch/20240925084116.28848-1-liankun.yang@mediatek.com/
>---
> drivers/gpu/drm/mediatek/mtk_dp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c
>index d8796a904eca..9ecdf62398ee 100644
>--- a/drivers/gpu/drm/mediatek/mtk_dp.c
>+++ b/drivers/gpu/drm/mediatek/mtk_dp.c
>@@ -1082,7 +1082,7 @@ static void mtk_dp_get_calibration_data(struct mtk_dp *mtk_dp)
> 	buf = (u32 *)nvmem_cell_read(cell, &len);
> 	nvmem_cell_put(cell);
>
>-	if (IS_ERR(buf) || ((len / sizeof(u32)) != 4)) {
>+	if (IS_ERR(buf) || !len || ((len / sizeof(u32)) != 4)) {
> 		dev_warn(dev, "Failed to read nvmem_cell_read\n");

Hello Liankun,
Would you be able to describe the crash with more details?

I'm afraid I don't understand the fix?

if len is 0, dividing 0 by sizeof(u32) is 0 and thus != 4
So to me, checking for len != 0 is redundant?

Thx,
Guillaume.
>
> 		if (!IS_ERR(buf))
>--
>2.45.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ