Message-ID: <dcd30b77-a856-3613-6905-79d2de7f7e73@linux.intel.com>
Date: Mon, 17 Mar 2025 18:07:13 +0200 (EET)
From: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To: Chenyuan Yang <chenyuan0y@...il.com>
cc: W_Armin@....de, Hans de Goede <hdegoede@...hat.com>, 
    platform-driver-x86@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] platform/x86: wmi: Add Null check for device

On Fri, 14 Mar 2025, Chenyuan Yang wrote:

> Hi Ilpo,
> 
> Thanks for pointing this out.
> This was found by our static analyzer.
> Sorry that the checker didn't make further reasoning.

Hi Chenyuan,

Then you should be the one who does that further reasoning before sending 
the patch out. :-) Please don't assume tools couldn't also return false 
positives. It's good to study all the code related to the lines and 
functions changed beyond just the patch context so you can understand 
whether the change makes sense and explain how the problem can manifest 
for real.

Please also name the tool in future in the changelog when problems are 
found by some code analysis tool (as is also required by the submission 
guidelines under Documentation/process/).


-- 
 i.


> On Fri, Mar 14, 2025 at 6:41 AM Ilpo Järvinen
> <ilpo.jarvinen@...ux.intel.com> wrote:
> >
> > On Thu, 13 Mar 2025, Chenyuan Yang wrote:
> >
> > Hi,
> >
> > Could you please be consistent in style and write "NULL" also in the
> > shortlog in the subject.
> >
> > > Not all devices have an ACPI companion fwnode, so device might be NULL.
> > > This is similar to the commit cd2fd6eab480
> > > ("platform/x86: int3472: Check for adev == NULL").
> >
> > Please fold the paragraph normally.
> >
> > > Add a check for device not being set and return -ENODEV in that case to
> > > avoid a possible NULL pointer deref in parse_wdg().
> > >
> > > Note, acpi_wmi_probe() under the same file has such a check.
> >
> > Hmm, is this a bogus fix, as parse_wdg() is only called from
> > acpi_wmi_probe() so how can ACPI companion turn NULL in between??
> >
> > How was this problem found??
> >
> > > Signed-off-by: Chenyuan Yang <chenyuan0y@...il.com>
> > > ---
> > >  drivers/platform/x86/wmi.c | 3 +++
> > >  1 file changed, 3 insertions(+)
> > >
> > > diff --git a/drivers/platform/x86/wmi.c b/drivers/platform/x86/wmi.c
> > > index 646370bd6b03..54e697838c1e 100644
> > > --- a/drivers/platform/x86/wmi.c
> > > +++ b/drivers/platform/x86/wmi.c
> > > @@ -1091,6 +1091,9 @@ static int parse_wdg(struct device *wmi_bus_dev, struct platform_device *pdev)
> > >       u32 i, total;
> > >       int retval;
> > >
> > > +     if (!device)
> > > +             return -ENODEV;
> > > +
> > >       status = acpi_evaluate_object(device->handle, "_WDG", NULL, &out);
> > >       if (ACPI_FAILURE(status))
> > >               return -ENXIO;
> > >
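Review bot: The added `if (!device)` check ahead of `acpi_evaluate_object(device->handle, "_WDG", NULL, &out)` in parse_wdg() is not justified by the changelog, which itself states that acpi_wmi_probe() already performs this check, and the review reply notes that parse_wdg() is only called from acpi_wmi_probe(). Either drop the hunk or extend the changelog with the concrete call path on which device can be NULL at this point, and name the static analysis tool that produced the report.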
> >
> > --
> >  i.
> >
> 
