lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 12 Nov 2015 09:53:12 +0100
From:	Uwe Kleine-König 
	<u.kleine-koenig@...gutronix.de>
To:	Frans Klaver <fransklaver@...il.com>
Cc:	LABBE Corentin <clabbe.montjoie@...il.com>, baruch@...s.co.il,
	Brian Norris <computersforpeace@...il.com>,
	David Woodhouse <dwmw2@...radead.org>,
	Krzysztof Kozłowski <k.kozlowski.k@...il.com>,
	Luis de Bethencourt <luis@...ethencourt.com>,
	kernel@...gutronix.de,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH] mtd: nand: mxc_nand: fix a possible NULL dereference

CC += devicetree@...r.kernel.org, gregkh

On Thu, Nov 12, 2015 at 09:36:55AM +0100, Frans Klaver wrote:
> On Thu, Nov 12, 2015 at 9:26 AM, Uwe Kleine-König
> <u.kleine-koenig@...gutronix.de> wrote:
> > On Thu, Nov 12, 2015 at 09:03:11AM +0100, Frans Klaver wrote:
> >> Hi,
> >>
> >> On Thu, Nov 12, 2015 at 8:46 AM, LABBE Corentin
> >> <clabbe.montjoie@...il.com> wrote:
> >> > of_match_device could return NULL, and so cause a NULL pointer
> >> > dereference later.
> >>
> >> Did you actually run into this? It seems to me that this driver is
> >> only probed if and only if we have a match and that therefore
> >> of_match_device will always return a valid pointer (it is using the
> >> same match table). Am I missing something?
> >
> > Yes, you're missing something. The driver would probe for a dt snippet
> > like:
> >
> >         mxc_nand {
> >                 compatible = "foobar";
> >         }
> >
> > In this case dev->of_node is non-NULL but of_match_device(mxcnd_dt_ids,
> > dev) is.
> >
> > (I didn't actually test this, so there is a chance I'm wrong here. And
> > if not I wonder if it is sensible at all to match the device name on
> > driver name for of-created platform devices.)
> 
> Yea, looks like you're right. platform devices check a number of
> things to determine a match, among which is driver name if all else
> fails (platform.c, platform_match()).

Maybe something like this would help to reduce surprises:

diff --git a/drivers/base/platform.c b/drivers/base/platform.c
index f80aaaf9f610..a9fc22c86552 100644
--- a/drivers/base/platform.c
+++ b/drivers/base/platform.c
@@ -840,8 +840,8 @@ static int platform_match(struct device *dev, struct device_driver *drv)
 		return !strcmp(pdev->driver_override, drv->name);
 
 	/* Attempt an OF style match first */
-	if (of_driver_match_device(dev, drv))
-		return 1;
+	if (pdev->dev.of_node)
+		return of_driver_match_device(dev, drv);
 
 	/* Then try ACPI style match */
 	if (acpi_driver_match_device(dev, drv))

Maybe something similar for acpi devices is desirable, too?

Best regards
Uwe

-- 
Pengutronix e.K.                           | Uwe Kleine-König            |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ