lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202501180932.8MILoqSq-lkp@intel.com>
Date: Sat, 18 Jan 2025 09:25:06 +0800
From: kernel test robot <lkp@...el.com>
To: Qiu-ji Chen <chenqiuji666@...il.com>, nipun.gupta@....com,
	nikhil.agarwal@....com
Cc: oe-kbuild-all@...ts.linux.dev, linux-kernel@...r.kernel.org,
	baijiaju1990@...il.com, greg@...ah.com,
	Qiu-ji Chen <chenqiuji666@...il.com>, stable@...r.kernel.org
Subject: Re: [PATCH v3] cdx: Fix possible UAF error in driver_override_show()

Hi Qiu-ji,

kernel test robot noticed the following build warnings:

[auto build test WARNING on linus/master]
[also build test WARNING on v6.13-rc7 next-20250117]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Qiu-ji-Chen/cdx-Fix-possible-UAF-error-in-driver_override_show/20250115-170808
base:   linus/master
patch link:    https://lore.kernel.org/r/20250115090449.102060-1-chenqiuji666%40gmail.com
patch subject: [PATCH v3] cdx: Fix possible UAF error in driver_override_show()
config: arm64-randconfig-002-20250116 (https://download.01.org/0day-ci/archive/20250118/202501180932.8MILoqSq-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250118/202501180932.8MILoqSq-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202501180932.8MILoqSq-lkp@intel.com/

All warnings (new ones prefixed by >>):

   drivers/cdx/cdx.c: In function 'driver_override_show':
>> drivers/cdx/cdx.c:473:17: warning: variable 'len' set but not used [-Wunused-but-set-variable]
     473 |         ssize_t len;
         |                 ^~~
>> drivers/cdx/cdx.c:478:1: warning: no return statement in function returning non-void [-Wreturn-type]
     478 | }
         | ^


vim +/len +473 drivers/cdx/cdx.c

   468	
   469	static ssize_t driver_override_show(struct device *dev,
   470					    struct device_attribute *attr, char *buf)
   471	{
   472		struct cdx_device *cdx_dev = to_cdx_device(dev);
 > 473		ssize_t len;
   474	
   475		device_lock(dev);
   476		len = sysfs_emit(buf, "%s\n", cdx_dev->driver_override);
   477		device_unlock(dev);
 > 478	}
   479	static DEVICE_ATTR_RW(driver_override);
   480	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ