lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0799d2f6-3777-45f6-a6b6-9ca3f145d611@ti.com>
Date: Fri, 28 Mar 2025 11:46:49 +0530
From: "Malladi, Meghana" <m-malladi@...com>
To: Jakub Kicinski <kuba@...nel.org>
CC: <pabeni@...hat.com>, <edumazet@...gle.com>, <davem@...emloft.net>,
        <andrew+netdev@...n.ch>, <bpf@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>, <kory.maincent@...tlin.com>,
        <dan.carpenter@...aro.org>, <javier.carrasco.cruz@...il.com>,
        <diogo.ivo@...mens.com>, <jacob.e.keller@...el.com>,
        <horms@...nel.org>, <john.fastabend@...il.com>, <hawk@...nel.org>,
        <daniel@...earbox.net>, <ast@...nel.org>, <srk@...com>,
        Vignesh Raghavendra <vigneshr@...com>,
        Roger
 Quadros <rogerq@...nel.org>, <danishanwar@...com>
Subject: Re: [PATCH net-next v2 3/3] net: ti: icss-iep: Fix possible NULL
 pointer dereference for perout request



On 3/25/2025 11:18 PM, Jakub Kicinski wrote:
> On Fri, 21 Mar 2025 13:43:13 +0530 Meghana Malladi wrote:
>> Whenever there is a perout request from the user application,
>> kernel receives req structure containing the configuration info
>> for that req.
> 
> This doesn't really explain the condition under which the bug triggers.
> Presumably when user request comes in req is never NULL?
> 

You are right, I have looked into what would trigger this bug but seems 
like user request can never be NULL, but the contents inside the req can 
be invalid, but that is already being handled by the kernel. So this bug 
fix makes no sense and I will be dropping this patch for v3. Thanks.

>> Add NULL pointer handling for perout request if
>> that req struct points to NULL.
>>
>> Fixes: e5b456a14215 ("net: ti: icss-iep: Add pwidth configuration for perout signal")
>> Signed-off-by: Meghana Malladi <m-malladi@...com>
>> Reviewed-by: Simon Horman <horms@...nel.org>
>> ---
>>
>> Changes from v1(v2-v1):
>> - Collected RB tag from Simon Horman <horms@...nel.org>
>>
>>   drivers/net/ethernet/ti/icssg/icss_iep.c | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/drivers/net/ethernet/ti/icssg/icss_iep.c b/drivers/net/ethernet/ti/icssg/icss_iep.c
>> index b4a34c57b7b4..aeebdc4c121e 100644
>> --- a/drivers/net/ethernet/ti/icssg/icss_iep.c
>> +++ b/drivers/net/ethernet/ti/icssg/icss_iep.c
>> @@ -498,6 +498,10 @@ static int icss_iep_perout_enable(struct icss_iep *iep,
>>   {
>>   	int ret = 0;
>>   
>> +	/* Return error if the req is NULL */
> 
> code is trivial here, explain the 'why' not the 'what'
> Why is this called with NULL?
> 
>> +	if (!req)
>> +		return -EINVAL;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ