lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAEnQdOo8CUe5Xpdo=qkCtv-E9gs-BvxUAgVa1Hvptp-2iFX0_w@mail.gmail.com>
Date: Tue, 8 Apr 2025 22:38:07 +0800
From: henry martin <bsdhenrymartin@...il.com>
To: Viresh Kumar <viresh.kumar@...aro.org>
Cc: Sudeep Holla <sudeep.holla@....com>, cristian.marussi@....com, rafael@...nel.org, 
	arm-scmi@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, 
	linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1] cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()

> How about `if (unlikely(!policy))` instead ?
Agreed, unlikely() makes sense here since the NULL check is for an
exceptional case.
I'll update all relevant patches accordingly.

> Henry, this change applies to all the patches you have sent. Also please send
> them as a single series, as they are related changes.
Noted. I’ll consolidate the patches into a single series with a proper
cover letter and
resend them shortly.

Viresh Kumar <viresh.kumar@...aro.org> 于2025年4月8日周二 13:55写道:
>
> On 07-04-25, 12:30, Sudeep Holla wrote:
> > On Sat, Apr 05, 2025 at 01:54:47PM +0800, Henry Martin wrote:
> > > cpufreq_cpu_get_raw() can return NULL when the target CPU is not present
> > > in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for
> > > this case, which results in a NULL pointer dereference.
> > >
> > > Add NULL check after cpufreq_cpu_get_raw() to prevent this issue.
> > >
> > > Fixes: 99d6bdf33877 ("cpufreq: add support for CPU DVFS based on SCMI message protocol")
> > > Signed-off-by: Henry Martin <bsdhenrymartin@...il.com>
> > > ---
> > >  drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++--
> > >  1 file changed, 8 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c
> > > index c310aeebc8f3..c735f39245bf 100644
> > > --- a/drivers/cpufreq/scmi-cpufreq.c
> > > +++ b/drivers/cpufreq/scmi-cpufreq.c
> > > @@ -37,11 +37,17 @@ static struct cpufreq_driver scmi_cpufreq_driver;
> > >
> > >  static unsigned int scmi_cpufreq_get_rate(unsigned int cpu)
> > >  {
> > > -   struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu);
> > > -   struct scmi_data *priv = policy->driver_data;
> > > +   struct cpufreq_policy *policy;
> > > +   struct scmi_data *priv;
> > >     unsigned long rate;
> > >     int ret;
> > >
> > > +   policy = cpufreq_cpu_get_raw(cpu);
> > > +   if (!policy)
> >
> > How about `if (unlikely(!policy))` instead ?
>
> Henry, this change applies to all the patches you have sent. Also please send
> them as a single series, as they are related changes.
>
> --
> viresh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ