lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <f1075a73-627e-4b37-9b83-bac0d02675a5@gmx.de>
Date: Sun, 16 Mar 2025 00:56:19 +0100
From: Armin Wolf <W_Armin@....de>
To: Chenyuan Yang <chenyuan0y@...il.com>,
 Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
Cc: Hans de Goede <hdegoede@...hat.com>, platform-driver-x86@...r.kernel.org,
 LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] platform/x86: wmi: Add Null check for device

Am 14.03.25 um 17:29 schrieb Chenyuan Yang:

> Hi Ilpo,
>
> Thanks for pointing this out.
> This was found by our static analyzer.
> Sorry that the checker didn't make further reasoning.
>
> -Chenyuan

Please avoid sending patches based solely on warnings produced by static checkers. They often do not fully
understand the various side effects and semantics of individual parts of the code and can thus produce bogus
warnings. Please verify that a warning produced by a static checker is actually valid before sending a patch
next time.

Still i have to admit that the source code of the parse_wdg() function might benefit from some refactoring
in the far future.

Thanks,
Armin Wolf

>
> On Fri, Mar 14, 2025 at 6:41 AM Ilpo Järvinen
> <ilpo.jarvinen@...ux.intel.com> wrote:
>> On Thu, 13 Mar 2025, Chenyuan Yang wrote:
>>
>> Hi,
>>
>> Could you please be consistent in style and write "NULL" also in the
>> shortlog in the subject.
>>
>>> Not all devices have an ACPI companion fwnode, so device might be NULL.
>>> This is similar to the commit cd2fd6eab480
>>> ("platform/x86: int3472: Check for adev == NULL").
>> Please fold the paragraph normally.
>>
>>> Add a check for device not being set and return -ENODEV in that case to
>>> avoid a possible NULL pointer deref in parse_wdg().
>>>
>>> Note, acpi_wmi_probe() under the same file has such a check.
>> Hmm, is this a bogus fix, as parse_wdg() is only called from
>> acpi_wmi_probe() so how can ACPI companion turn NULL in between??
>>
>> How was this problem found??
>>
>>> Signed-off-by: Chenyuan Yang <chenyuan0y@...il.com>
>>> ---
>>>   drivers/platform/x86/wmi.c | 3 +++
>>>   1 file changed, 3 insertions(+)
>>>
>>> diff --git a/drivers/platform/x86/wmi.c b/drivers/platform/x86/wmi.c
>>> index 646370bd6b03..54e697838c1e 100644
>>> --- a/drivers/platform/x86/wmi.c
>>> +++ b/drivers/platform/x86/wmi.c
>>> @@ -1091,6 +1091,9 @@ static int parse_wdg(struct device *wmi_bus_dev, struct platform_device *pdev)
>>>        u32 i, total;
>>>        int retval;
>>>
>>> +     if (!device)
>>> +             return -ENODEV;
>>> +
>>>        status = acpi_evaluate_object(device->handle, "_WDG", NULL, &out);
>>>        if (ACPI_FAILURE(status))
>>>                return -ENXIO;
>>>
>> --
>>   i.
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ