lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGn2d8PdiBRN09L__XEsH=cNYz4rDR2A-GnSqCM6Y5TmtT+wcw@mail.gmail.com>
Date: Thu, 26 Jun 2025 18:19:40 +0300
From: Abdelrahman Fekry <abdelrahmanfekry375@...il.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: andy@...nel.org, hdegoede@...hat.com, mchehab@...nel.org, 
	sakari.ailus@...ux.intel.com, gregkh@...uxfoundation.org, 
	linux-kernel@...r.kernel.org, linux-media@...r.kernel.org, 
	linux-staging@...ts.linux.dev, skhan@...uxfoundation.org, 
	linux-kernel-mentees@...ts.linux.dev
Subject: Re: [PATCH v2] staging: media: atomisp: remove debug sysfs attributes
 active_bo and free_bo

Hello Dan , Thanks for your review

On Tue, Jun 24, 2025 at 9:31 PM Dan Carpenter <dan.carpenter@...aro.org> wrote:
> Yes.  Nothing is checking for if hmm_init() fails.  Step through the
> code and verify that nothing crashes or bad happens as a result.
>
> For example, I think hmm_bo_alloc() will print "hmm_bo_device not inited
> yet." and return.  So that's kind of annoying but it's not a crash.
> Search through the rest of the driver and verify how it will behave.
>

So, I have been searching through the code as you suggested,
and found a couple of interesting things to look at.

Firstly, no function that calls hmm_init() checks its return code,
and it doesn’t crash anywhere because of this, so it's not a problem.
But the thing is, the hmm_initialized flag inside the hmm_init() function
is set even if hmm_bo_device_init() fails, and this can be misleading for
functions like __hm_alloc() that check this flag later.

Secondly, the function hmm_bo_alloc() and others don’t check
the return code of hmm_init(). Instead, they check the flag
HMM_BO_DEVICE_INITED inside bdev, which is set by the function
hmm_bo_device_init(). The problem is, if we inspect hmm_bo_device_init(),
we find that the HMM_BO_DEVICE_INITED flag is set before the calls to
kmem_cache_create(), kmem_cache_alloc(), and __bo_init().
This means that if any of these functions fail, the flag will still be set,
which can lead to misbehavior in functions that rely on it, like hmm_bo_alloc().

Should I tackle these problems after submitting the original patch of
removing the debug sysfs attr. ?

Best Regards,
Abdelrahman Fekry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ