Message-ID: <b6275c17-b122-46cf-a819-54fecdd30803@roeck-us.net>
Date: Fri, 14 Nov 2025 07:29:38 -0800
From: Guenter Roeck <linux@...ck-us.net>
To: Pavel Zhigulin <Pavel.Zhigulin@...persky.com>,
 Robert Marko <robert.marko@...tura.hr>
Cc: Luka Perkov <luka.perkov@...tura.hr>, linux-hwmon@...r.kernel.org,
 linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH] hwmon: tps23861: add regmap_bulk_read() handling in port
 resistance read

On 11/14/25 07:00, Pavel Zhigulin wrote:
> regmap_bulk_read() was called without checking its return value
> in function tps23861_port_resistance(). If the read failed,
> the code proceeded with an uninitialized register value.
> 
> Add return value handling
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: fff7b8ab2255 ("hwmon: add Texas Instruments TPS23861 driver")
> Signed-off-by: Pavel Zhigulin <Pavel.Zhigulin@...persky.com>
> ---
>   drivers/hwmon/tps23861.c | 11 +++++++----
>   1 file changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/hwmon/tps23861.c b/drivers/hwmon/tps23861.c
> index 4cb3960d5170..8873b2e21064 100644
> --- a/drivers/hwmon/tps23861.c
> +++ b/drivers/hwmon/tps23861.c
> @@ -457,13 +457,16 @@ static char *port_poe_plus_status_string(uint8_t poe_plus, unsigned int port)
>   static int tps23861_port_resistance(struct tps23861_data *data, int port)
>   {
>   	unsigned int raw_val;
> +	int rc = 0;
>   	__le16 regval;
> 
> -	regmap_bulk_read(data->regmap,
> -			 PORT_1_RESISTANCE_LSB + PORT_N_RESISTANCE_LSB_OFFSET * port,
> -			 &regval,
> -			 2);
> +	rc = regmap_bulk_read(data->regmap,
> +			      PORT_1_RESISTANCE_LSB + PORT_N_RESISTANCE_LSB_OFFSET * port,
> +			      &regval,
> +			      2);
> 
> +	if (rc < 0)
> +		return 0;
>   	raw_val = le16_to_cpu(regval);
>   	switch (FIELD_GET(PORT_RESISTANCE_RSN_MASK, raw_val)) {
>   	case PORT_RESISTANCE_RSN_OTHER:
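
Review bot: The added `if (rc < 0) return 0;` discards the error code held in rc, so a failed regmap_bulk_read() is never reported to the caller as an error. Since tps23861_port_resistance() returns int, consider `return rc;` here and handling the negative value at the call site. The `= 0` initializer on `int rc` is also redundant, because rc is assigned unconditionally before it is read, and the check would conventionally sit directly under the call, without the blank line in between.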

tps23861_port_resistance() is called from tps23861_port_status_show(),
which has three unchecked calls to regmap_read(). It is not entirely obvious
to me why checking this specific call to regmap_bulk_read() would warrant
an error check but not the calls to regmap_read().

Also, I am not sure if it makes sense to ignore the error.

Guenter

