lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20211102131437.GF2794@kadam>
Date:   Tue, 2 Nov 2021 16:14:37 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Pkshih <pkshih@...ltek.com>
Cc:     Colin King <colin.king@...onical.com>,
        Kalle Valo <kvalo@...eaurora.org>,
        "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH][next] rtw89: Fix potential dereference of the null
 pointer sta

On Mon, Oct 18, 2021 at 03:35:28AM +0000, Pkshih wrote:
> 
> > -----Original Message-----
> > From: Colin King <colin.king@...onical.com>
> > Sent: Friday, October 15, 2021 11:46 PM
> > To: Kalle Valo <kvalo@...eaurora.org>; David S . Miller <davem@...emloft.net>; Jakub Kicinski
> > <kuba@...nel.org>; Pkshih <pkshih@...ltek.com>; linux-wireless@...r.kernel.org;
> > netdev@...r.kernel.org
> > Cc: kernel-janitors@...r.kernel.org; linux-kernel@...r.kernel.org
> > Subject: [PATCH][next] rtw89: Fix potential dereference of the null pointer sta
> > 
> > From: Colin Ian King <colin.king@...onical.com>
> > 
> > The pointer rtwsta is dereferencing pointer sta before sta is
> > being null checked, so there is a potential null pointer deference
> > issue that may occur. Fix this by only assigning rtwsta after sta
> > has been null checked. Add in a null pointer check on rtwsta before
> > dereferencing it too.
> > 
> > Fixes: e3ec7017f6a2 ("rtw89: add Realtek 802.11ax driver")
> > Addresses-Coverity: ("Dereference before null check")
> > Signed-off-by: Colin Ian King <colin.king@...onical.com>
> > ---
> >  drivers/net/wireless/realtek/rtw89/core.c | 9 +++++++--
> >  1 file changed, 7 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/net/wireless/realtek/rtw89/core.c
> > b/drivers/net/wireless/realtek/rtw89/core.c
> > index 06fb6e5b1b37..26f52a25f545 100644
> > --- a/drivers/net/wireless/realtek/rtw89/core.c
> > +++ b/drivers/net/wireless/realtek/rtw89/core.c
> > @@ -1534,9 +1534,14 @@ static bool rtw89_core_txq_agg_wait(struct rtw89_dev *rtwdev,
> >  {
> >  	struct rtw89_txq *rtwtxq = (struct rtw89_txq *)txq->drv_priv;
> >  	struct ieee80211_sta *sta = txq->sta;
> > -	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
> 
> 'sta->drv_priv' is only a pointer, we don't really dereference the
> data right here, so I think this is safe. More, compiler can optimize
> this instruction that reorder it to the place just right before using.
> So, it seems like a false alarm.

The warning is about "sta" not "sta->priv".  It's not a false positive.

I have heard discussions about compilers trying to work around these
bugs by re-ordering the code.  Is that an option in GCC?  It's not
something we should rely on, but I'm just curious if it exists in
released versions.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ