lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.LFD.2.02.1205072117330.6271@ionos>
Date:	Mon, 7 May 2012 21:18:55 +0200 (CEST)
From:	Thomas Gleixner <tglx@...utronix.de>
To:	Krzysztof Wilczynski <krzysztof.wilczynski@...ux.com>
cc:	Grant Likely <grant.likely@...retlab.ca>,
	Linus Walleij <linus.walleij@...ricsson.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] gpio: langwell: Prevent possible NULL pointer dereference
 in the demux handler.

On Sun, 6 May 2012, Krzysztof Wilczynski wrote:

> This is to address a possible NULL pointer dereference on a platform that might
> use this driver but its underlying IRQ chip does not provide an irq_eoi callback.
> 
> A commit 0766d20 added an conditional to the code, but then it was later
> super-seeded by commit 20e2aa9 which introduced number of helper functions
> for accessing various members of the irq_desc struct, but removed said
> conditional from the code.
> 
> This change will re-introduce conditional guarding against possible NULL
> pointer dereference caused by missing EIO handler.
> 
> Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@...ux.com>
> ---
>  drivers/gpio/gpio-langwell.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/gpio/gpio-langwell.c b/drivers/gpio/gpio-langwell.c
> index 00692e8..5749738 100644
> --- a/drivers/gpio/gpio-langwell.c
> +++ b/drivers/gpio/gpio-langwell.c
> @@ -260,7 +260,8 @@ static void lnw_irq_handler(unsigned irq, struct irq_desc *desc)
>  		}
>  	}
>  
> -	chip->irq_eoi(data);
> +	if (data)
> +		chip->irq_eoi(data);

And how does data, which is always set as long as the interrupt exist
prove that the chip has an eoi function?

Thanks,

	tglx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ