lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 29 Mar 2018 20:21:54 +0800
From:   Peng Fan <peng.fan@....com>
To:     broonie@...nel.org, gregkh@...uxfoundation.org
Cc:     linux-imx@....com, linux-kernel@...r.kernel.org
Subject: [PATCH] regmap: debugfs: check pointer before access

When access the /sys/kernel/debug/regmap/5-0033/name, kernel reports
NULL pointer access, it is because the driver point is null when
accessing map->dev->driver->name.

root@...8qmmek:~# cat /sys/kernel/debug/regmap/5-0033/name
[   26.553924] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   26.562052] pgd = ffff8008f779c000
[   26.565457] [00000000] *pgd=000000096f40c003, *pud=0000000977872003, *pmd=0000000000000000
[   26.573857] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[   26.579436] Modules linked in:
[   26.582500] CPU: 3 PID: 3757 Comm: cat Not tainted 4.9.88-04623-g6be68dc123cc #1700
[   26.590155] Hardware name: Freescale i.MX8QM MEK (DT)
[   26.595204] task: ffff8008ef513200 task.stack: ffff8008ef4e0000
[   26.601142] PC is at regmap_name_read_file+0x54/0xa8
[   26.606110] LR is at regmap_name_read_file+0x38/0xa8
[   26.611076] pc : [<ffff000008638444>] lr : [<ffff000008638428>] pstate: 60000145
[   26.618476] sp : ffff8008ef4e3d30
[   26.621786] x29: ffff8008ef4e3d30 x28: ffff8008ef4e0000
[   26.627111] x27: ffff000008c62000 x26: 000000000000003f
[   26.632437] x25: 0000000000000123 x24: ffff000008d6c710
[   26.637762] x23: ffff8008ef4e3eb8 x22: 0000000000020000
[   26.643087] x21: 0000ffff8ba60000 x20: ffff8008f72d2000
[   26.648413] x19: ffff8008f6921800 x18: 000000000000037c
[   26.653738] x17: 0000000000418170 x16: ffff0000081dee00
[   26.659064] x15: 0000ffff8ba84d00 x14: 0000ffff8ba91d98
[   26.664389] x13: 000000000000270f x12: 0000000000000001
[   26.669714] x11: 0000000000000000 x10: 0101010101010101
[   26.675040] x9 : 0000000000000200 x8 : 00000000c00000b7
[   26.680365] x7 : 0000000000000000 x6 : ffff8008ef41ee00
[   26.685691] x5 : 00008008f6ce5000 x4 : ffff000009402000
[   26.691016] x3 : 0000000000000000 x2 : ffff00000906d728
[   26.696342] x1 : 0000000000001000 x0 : ffff8008f72d2000
[   26.701667]

So add check here. When the driver pointer is NULL, return -EIO.

Signed-off-by: Peng Fan <peng.fan@....com>
---
 drivers/base/regmap/regmap-debugfs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
index f3266334063e..d1097306d2ab 100644
--- a/drivers/base/regmap/regmap-debugfs.c
+++ b/drivers/base/regmap/regmap-debugfs.c
@@ -43,6 +43,9 @@ static ssize_t regmap_name_read_file(struct file *file,
 	int ret;
 	char *buf;
 
+	if (!map->dev->driver)
+		return -EIO;
+
 	buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
 	if (!buf)
 		return -ENOMEM;
-- 
2.14.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ