* Re: drivers/char: suspected null-pointer dereference problem in handle_control_message
       [not found] <TYCP286MB11884B1010AF8C77F1BBDAF08A849@TYCP286MB1188.JPNP286.PROD.OUTLOOK.COM>
@ 2021-10-26 10:29 ` Amit Shah
  2021-10-26 11:51   ` Reply: " YE Chengfeng
From: Amit Shah @ 2021-10-26 10:29 UTC
  To: YE Chengfeng, amit, arnd, linux-kernel

On Tue, 2021-10-26 at 06:17 +0000, YE Chengfeng wrote:
> Hi,
>
> https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1657
>
> Our experimental static analysis tool detects a suspected null-pointer-dereference problem. We manually check it, but it still could be false positive because we are not familiar with the code. We report this to you just in case.
>
> We notice that in some branches of switch case at line #1582, the pointer port is null-checked. But null check is missing at line #1657 and line #1633. It seems like a suspected null-pointer dereference pointer. Would you like to spare some time to have a look at it?

For this NULL deref to happen, the host will have to send a port_name
command before a port_add command. Worrying about that isn't
worthwhile.

If you'd like to add a generic `if (unlikely(!port))` after line 1579
there, that'd be fine as a hint to the static analysis tools, though,
so just for that reason, it might be worthwhile.

		Amit

* Reply: drivers/char: suspected null-pointer dereference problem in handle_control_message
  2021-10-26 10:29 ` drivers/char: suspected null-pointer dereference problem in handle_control_message Amit Shah
@ 2021-10-26 11:51   ` YE Chengfeng
  2021-10-28 11:54     ` Amit Shah
From: YE Chengfeng @ 2021-10-26 11:51 UTC
  To: Amit Shah, amit, arnd, linux-kernel

Thanks for your reply.

Agree with you, seems that the branch at #line 1573 already handles this situation.

Another question, is it possible that port->name is null when show_port_name is invoked? I don't see any null-check there, could it be a null-dereference problem at #line 1282? Link is below.
https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1282

Best Regards.
Chengfeng

-----Original Message-----
From: Amit Shah <amit@infradead.org>
Sent: 2021-10-26 18:30
To: YE Chengfeng <cyeaa@connect.ust.hk>; amit@kernel.org; arnd@arndb.de; linux-kernel@vger.kernel.org
Subject: Re: drivers/char: suspected null-pointer dereference problem in handle_control_message

On Tue, 2021-10-26 at 06:17 +0000, YE Chengfeng wrote:
> Hi,
>
> https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1657
>
> Our experimental static analysis tool detects a suspected null-pointer-dereference problem. We manually check it, but it still could be false positive because we are not familiar with the code. We report this to you just in case.
>
> We notice that in some branches of switch case at line #1582, the pointer port is null-checked. But null check is missing at line #1657 and line #1633. It seems like a suspected null-pointer dereference pointer. Would you like to spare some time to have a look at it?

For this NULL deref to happen, the host will have to send a port_name command before a port_add command. Worrying about that isn't worthwhile.

If you'd like to add a generic `if (unlikely(!port))` after line 1579 there, that'd be fine as a hint to the static analysis tools, though, so just for that reason, it might be worthwhile.

		Amit

* Re: Reply: drivers/char: suspected null-pointer dereference problem in handle_control_message
  2021-10-26 11:51   ` Reply: " YE Chengfeng
@ 2021-10-28 11:54     ` Amit Shah
  2021-10-30 13:20       ` Reply: " YE Chengfeng
From: Amit Shah @ 2021-10-28 11:54 UTC
  To: YE Chengfeng, amit, arnd, linux-kernel

On Tue, 2021-10-26 at 11:51 +0000, YE Chengfeng wrote:
> Thanks for your reply.
>
> Agree with you, seems that the branch at #line 1573 already handles this situation.
>
> Another question, is it possible that port->name is null when show_port_name is invoked? I don't see any null-check there, could it be a null-dereference problem at #line 1282? Link is below.
> https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1282

Why don't you try it? It's certainly possible that a port doesn't have
a name.

* Reply: Reply: drivers/char: suspected null-pointer dereference problem in handle_control_message
  2021-10-28 11:54     ` Amit Shah
@ 2021-10-30 13:20       ` YE Chengfeng
From: YE Chengfeng @ 2021-10-30 13:20 UTC
  To: Amit Shah, amit, arnd, linux-kernel

If it's possible as said, maybe it should be fixed? Do you need my help to send a patch?

-----Original Message-----
From: Amit Shah <amit@infradead.org>
Sent: 2021-10-28 19:55
To: YE Chengfeng <cyeaa@connect.ust.hk>; amit@kernel.org; arnd@arndb.de; linux-kernel@vger.kernel.org
Subject: Re: Reply: drivers/char: suspected null-pointer dereference problem in handle_control_message

On Tue, 2021-10-26 at 11:51 +0000, YE Chengfeng wrote:
> Thanks for your reply.
>
> Agree with you, seems that the branch at #line 1573 already handles this situation.
>
> Another question, is it possible that port->name is null when show_port_name is invoked? I don't see any null-check there, could it be a null-dereference problem at #line 1282? Link is below.
> https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1282

Why don't you try it? It's certainly possible that a port doesn't have a name.
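
The two situations raised in this thread (a control event that refers to a port before that port was added, and a port whose name is read while it has none), as an added userspace C model; it is not code from the thread or from virtio_console.c, and every identifier in it is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model, not kernel code: every name here is hypothetical. */
enum ctl_event { EV_PORT_ADD = 1, EV_PORT_OPEN, EV_PORT_NAME };
enum ctl_result { CTL_OK, CTL_DROPPED };
struct port { uint32_t id; const char *name; int host_connected; };

#define MAX_PORTS 4
static struct port ports[MAX_PORTS];
static size_t nr_ports;

static struct port *find_port(uint32_t id)
{
    for (size_t i = 0; i < nr_ports; i++)
        if (ports[i].id == id)
            return &ports[i];
    return NULL; /* the sender named a port that was never added */
}

/* The (id, event) pair comes from the other side, in whatever order it sends. */
static enum ctl_result handle_ctl(uint32_t id, enum ctl_event ev, const char *payload)
{
    struct port *port = find_port(id);

    /* One guard ahead of the switch: only PORT_ADD may run without a port. */
    if (!port && ev != EV_PORT_ADD)
        return CTL_DROPPED;
    switch (ev) {
    case EV_PORT_ADD:
        if (port || nr_ports == MAX_PORTS)
            return CTL_DROPPED; /* duplicate id or table full */
        ports[nr_ports++] = (struct port){ .id = id };
        return CTL_OK;
    case EV_PORT_OPEN:
        port->host_connected = 1; /* the guard proved port != NULL */
        return CTL_OK;
    case EV_PORT_NAME:
        port->name = payload; /* model only: caller keeps payload alive */
        return CTL_OK;
    }
    return CTL_DROPPED; /* unknown event value */
}

/* A port may have no name, so the reader must not pass NULL to %s. */
static int show_name(uint32_t id, char *buf, size_t len)
{
    struct port *port = find_port(id);

    return port ? snprintf(buf, len, "%s\n", port->name ? port->name : "") : -1;
}
```

With the guard placed once before the switch, each case can dereference `port` without its own check, which is the property a static analyser looks for.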