linux-kernel - RE: [PATCH 3/4] pinctrl: Add checks for empty names in pinmux_search

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <74CDBE0F657A3D45AFBB94109FB122FF1780DAB384@HQMAIL01.nvidia.com>
Date:	Fri, 20 Jan 2012 09:00:38 -0800
From:	Stephen Warren <swarren@...dia.com>
To:	Tony Lindgren <tony@...mide.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:	Linus Walleij <linus.walleij@...ricsson.com>,
	Barry Song <21cnbao@...il.com>,
	Haojian Zhuang <haojian.zhuang@...vell.com>,
	Grant Likely <grant.likely@...retlab.ca>,
	Thomas Abraham <thomas.abraham@...aro.org>,
	Rajendra Nayak <rajendra.nayak@...aro.org>,
	Dong Aisheng <dong.aisheng@...aro.org>,
	Shawn Guo <shawn.guo@...escale.com>
Subject: RE: [PATCH 3/4] pinctrl: Add checks for empty names in
 pinmux_search_function

Tony Lindgren wrote at Friday, January 20, 2012 9:18 AM:
> Otherwise we can get the following when dealing with
> buggy data in a pinmux driver:
> 
> Unable to handle kernel NULL pointer dereference at virtual address 00000000

> diff --git a/drivers/pinctrl/pinmux.c b/drivers/pinctrl/pinmux.c
> index 06b8943..ffe633d 100644
> --- a/drivers/pinctrl/pinmux.c
> +++ b/drivers/pinctrl/pinmux.c
> @@ -584,6 +584,13 @@ static int pinmux_search_function(struct pinctrl_dev *pctldev,
>  							   selector);
>  		int ret;
> 
> +		if (!fname) {
> +			pr_warning("no name for function%i\n",
> +				   selector);
> +			selector++;
> +			continue;
> +		}
> +
>  		if (!strcmp(map->function, fname)) {
>  			/* Found the function, check pin group */
>  			ret = pinmux_check_pin_group(pctldev, selector,

Shouldn't this be BUG_ON(!fname)?

There are lots of other places that pmxops->get_function_name() is
called. Wouldn't it be better to enhance e.g. pinmux_check_ops() to
validate that all functions have a name during pinctrl registration?

-- 
nvpublic