lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20191002.142214.252882219207569928.davem@davemloft.net>
Date:   Wed, 02 Oct 2019 14:22:14 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     yzhai003@....edu
Cc:     csong@...ucr.edu, zhiyunq@...ucr.edu, yisen.zhuang@...wei.com,
        salil.mehta@...wei.com, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: hisilicon: Fix usage of uninitialized variable in
 function mdio_sc_cfg_reg_write()

From: Yizhuo <yzhai003@....edu>
Date: Tue,  1 Oct 2019 13:24:39 -0700

> In function mdio_sc_cfg_reg_write(), variable "reg_value" could be
> uninitialized if regmap_read() fails. However, "reg_value" is used
> to decide the control flow later in the if statement, which is
> potentially unsafe.
> 
> Signed-off-by: Yizhuo <yzhai003@....edu>

Applied, but really this is such a pervasive problem.

So much code doesn't check the return value from either regmap_read
or regmap_write.

_EVEN_ in the code you are editing, the patch context shows an unchecked
regmap_write() call.

> @@ -148,11 +148,15 @@ static int mdio_sc_cfg_reg_write(struct hns_mdio_device *mdio_dev,
>  {
>  	u32 time_cnt;
>  	u32 reg_value;
> +	int ret;
>  
>  	regmap_write(mdio_dev->subctrl_vbase, cfg_reg, set_val);
        ^^^^^^^^^^^^

Grepping for regmap_{read,write}() shows how big an issue this is.

I don't know what to do, maybe we can work over time to add checks to
all calls and then force warnings on unchecked return values so that
the problem is not introduced in the future.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ