Message-ID: <4ECAC738.5030605@kernel.org>
Date:	Mon, 21 Nov 2011 21:48:40 +0000
From:	Jonathan Cameron <jic23@...nel.org>
To:	Sasha Levin <levinsasha928@...il.com>
CC:	linux-kernel@...r.kernel.org, Jonathan Cameron <jic23@....ac.uk>,
	Greg Kroah-Hartman <gregkh@...e.de>, linux-iio@...r.kernel.org,
	devel@...verdev.osuosl.org
Subject: Re: [PATCH] iio: Don't OOPS if dummy evgen failed init

On 11/21/2011 09:11 PM, Sasha Levin wrote:
> If the dummy evgen failed init, the irq allocation functions which assume
> init succeeded may still be called - causing an OOPS due to a wrong assumption.
> 
> Here's the oops:
> 
> [    3.914332] BUG: unable to handle kernel NULL pointer dereference at 0000000000000148
> [    3.915310] IP: [<ffffffff810b3008>] __lock_acquire+0xac/0xe50
> [    3.915310] PGD 0
> [    3.915310] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
> [    3.915310] CPU 1
> [    3.915310] Pid: 1, comm: swapper Not tainted 3.2.0-rc2-sasha-00279-gd7bfb12-dirty #20
> [    3.915310] RIP: 0010:[<ffffffff810b3008>]  [<ffffffff810b3008>] __lock_acquire+0xac/0xe50
> [    3.915310] RSP: 0018:ffff880012499bc0  EFLAGS: 00010046
> [    3.915310] RAX: 0000000000000086 RBX: ffff880012490000 RCX: 0000000000000000
> [    3.915310] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000148
> [    3.915310] RBP: ffff880012499c90 R08: 0000000000000002 R09: 0000000000000000
> [    3.915310] R10: 0000000000000148 R11: 0000000000000000 R12: 0000000000000148
> [    3.915310] R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000
> [    3.915310] FS:  0000000000000000(0000) GS:ffff880013c00000(0000) knlGS:0000000000000000
> [    3.915310] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [    3.915310] CR2: 0000000000000148 CR3: 0000000002605000 CR4: 00000000000406e0
> [    3.915310] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [    3.915310] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [    3.915310] Process swapper (pid: 1, threadinfo ffff880012498000, task ffff880012490000)
> [    3.915310] Stack:
> [    3.915310]  ffff880012490000 ffffffff81e6fd38 ffffffff00000000 0000000000000000
> [    3.915310]  0000000000000148 0000000012499c08 ffffffff00000000 000000000000002e
> [    3.915310]  0000000000000001 ffff880012499ce0 ffffffff8161620e 0000000000000000
> [    3.915310] Call Trace:
> [    3.915310]  [<ffffffff81e6fd38>] ? retint_restore_args+0x13/0x13
> [    3.915310]  [<ffffffff8161620e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
> [    3.915310]  [<ffffffff81e6fd38>] ? retint_restore_args+0x13/0x13
> [    3.915310]  [<ffffffff81af8883>] ? iio_dummy_evgen_get_irq+0x33/0x8a
> [    3.915310]  [<ffffffff810b4255>] lock_acquire+0x8a/0xa7
> [    3.915310]  [<ffffffff81af8883>] ? iio_dummy_evgen_get_irq+0x33/0x8a
> [    3.915310]  [<ffffffff81e6db81>] __mutex_lock_common+0x63/0x491
> [    3.915310]  [<ffffffff81af8883>] ? iio_dummy_evgen_get_irq+0x33/0x8a
> [    3.915310]  [<ffffffff810b474d>] ? debug_check_no_locks_freed+0x135/0x14a
> [    3.915310]  [<ffffffff810b2c3a>] ? lock_is_held+0x92/0x9d
> [    3.915310]  [<ffffffff81e6dfe5>] mutex_lock_nested+0x36/0x3b
> [    3.915310]  [<ffffffff81af8883>] iio_dummy_evgen_get_irq+0x33/0x8a
> [    3.915310]  [<ffffffff81af8594>] iio_simple_dummy_events_register+0x1b/0x69
> [    3.915310]  [<ffffffff82ad4a91>] iio_dummy_init+0x105/0x18d
> [    3.915310]  [<ffffffff82ad498c>] ? iio_init+0x7d/0x7d
> [    3.915310]  [<ffffffff82a8dc02>] do_one_initcall+0x7a/0x135
> [    3.915310]  [<ffffffff82a8dda7>] kernel_init+0xea/0x16f
> [    3.915310]  [<ffffffff81e727c4>] kernel_thread_helper+0x4/0x10
> [    3.915310]  [<ffffffff81e6fd38>] ? retint_restore_args+0x13/0x13
> [    3.915310]  [<ffffffff82a8dcbd>] ? do_one_initcall+0x135/0x135
> [    3.915310]  [<ffffffff81e727c0>] ? gs_change+0x13/0x13
> [    3.915310] Code: 95 50 ff ff ff 74 24 e8 1f 3f 56 00 85 c0 0f 84 4e 0d 00 00 be cf 0b 00 00 83 3d 63 7c 58 02 00 0f 85 3c 0d 00 00 e9 c1 0c 00 00
> [    3.915310]  81 3a a0 17 ca 82 b8 01 00 00 00 44 0f 44 e8 83 fe 01 77 0c
> [    3.915310] RIP  [<ffffffff810b3008>] __lock_acquire+0xac/0xe50
> [    3.915310]  RSP <ffff880012499bc0>
> [    3.915310] CR2: 0000000000000148
> 
Thanks.  Dealing with the first one should make the second impossible to
hit (as one shouldn't be trying to free irq's if they weren't
successfully gotten in the first place.)

Just for clarity of code, I'd prefer without the release change.

Acked-by: Jonathan Cameron <jic23@....ac.uk> for the get change.

Thanks,
> Cc: Jonathan Cameron <jic23@....ac.uk>
> Cc: Greg Kroah-Hartman <gregkh@...e.de>
> Cc: linux-iio@...r.kernel.org
> Cc: devel@...verdev.osuosl.org
> Signed-off-by: Sasha Levin <levinsasha928@...il.com>
> ---
>  drivers/staging/iio/iio_dummy_evgen.c |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/staging/iio/iio_dummy_evgen.c b/drivers/staging/iio/iio_dummy_evgen.c
> index da657d1..74d8d94 100644
> --- a/drivers/staging/iio/iio_dummy_evgen.c
> +++ b/drivers/staging/iio/iio_dummy_evgen.c
> @@ -102,6 +102,10 @@ static int iio_dummy_evgen_create(void)
>  int iio_dummy_evgen_get_irq(void)
>  {
>  	int i, ret = 0;
> +
> +	if (iio_evgen == NULL)
> +		return -ENODEV;
> +
>  	mutex_lock(&iio_evgen->lock);
>  	for (i = 0; i < IIO_EVENTGEN_NO; i++)
>  		if (iio_evgen->inuse[i] == false) {
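
Review bot: The `-ENODEV` returned by the new `iio_evgen == NULL` check at the top of `iio_dummy_evgen_get_irq()` only helps if the caller treats a negative return as an error rather than as an irq number. The caller in the trace, `iio_simple_dummy_events_register`, is not part of this diff, so please confirm it checks for `ret < 0` and unwinds. A one-line comment above the check saying that it covers the case where evgen init failed and left `iio_evgen` unset would also help, since the test is done before `mutex_lock(&iio_evgen->lock)` and so cannot itself be serialized against anything else that changes the pointer.
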
> @@ -124,6 +128,9 @@ EXPORT_SYMBOL_GPL(iio_dummy_evgen_get_irq);
>   */
>  int iio_dummy_evgen_release_irq(int irq)
>  {
> +	if (iio_evgen == NULL)
> +		return -ENODEV;
> +
>  	mutex_lock(&iio_evgen->lock);
>  	iio_evgen->inuse[irq - iio_evgen->base] = false;
>  	mutex_unlock(&iio_evgen->lock);
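
Review bot: The NULL check added at the top of `iio_dummy_evgen_release_irq()` leaves the riskier access in this function unguarded: `iio_evgen->inuse[irq - iio_evgen->base] = false;` uses the caller-supplied `irq` as an array index with no range validation. If a caller ever passes the negative value returned by a failed `iio_dummy_evgen_get_irq()`, or any irq outside the generator's range, this writes outside `inuse[]`. If a guard is wanted here at all, a bounds check of `irq - iio_evgen->base` against `IIO_EVENTGEN_NO` would catch more than the NULL test, which becomes unreachable once callers stop after a failed get, as noted in the reply.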
