| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aQhdgI33_f-tfHWu@smile.fi.intel.com>
Date: Mon, 3 Nov 2025 09:45:04 +0200
From: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To: Bartosz Golaszewski <brgl@...ev.pl>
Cc: Linus Walleij <linus.walleij@...aro.org>, linux-gpio@...r.kernel.org,
linux-kernel@...r.kernel.org,
Bartosz Golaszewski <bartosz.golaszewski@...aro.org>
Subject: Re: [PATCH] gpiolib: fix invalid pointer access in debugfs
On Fri, Oct 31, 2025 at 04:06:31PM +0100, Bartosz Golaszewski wrote:
>
> If the memory allocation in gpiolib_seq_start() fails, the s->private
> field remains uninitialized and is later dereferenced without checking
> in gpiolib_seq_stop(). Initialize s->private to NULL before calling
> kzalloc() and check it before dereferencing it.
...
> static void gpiolib_seq_stop(struct seq_file *s, void *v)
> {
> struct gpiolib_seq_priv *priv = s->private;
>
> + if (!priv)
> + return;
My preference is to have the assignment be decoupled in such a case:
struct gpiolib_seq_priv *priv;
priv = s->private;
if (!priv)
return;
This will prevent from doing subtle mistakes (as dereferencing before check and
so on) in the future. Not that I expect this function to grow that way, but still...
always keep in mind that somebody who is not familiar with the code may take the
piece as high standard in the kernel and copy to their code without much thinking.
> srcu_read_unlock(&gpio_devices_srcu, priv->idx);
> kfree(priv);
> }
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists