Date: Tue, 31 Jul 2012 21:04:42 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Lars-Peter Clausen <lars@...afoo.de>
Cc: Jonathan Cameron <jic23@...nel.org>, Greg Kroah-Hartman <gregkh@...e.de>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: NULL pointer dereference in iio_buffer_register()

On Tue, Jul 31, 2012 at 03:06:11PM +0200, Lars-Peter Clausen wrote:
> On 07/31/2012 02:55 PM, Fengguang Wu wrote:
> >>> The panic happens while trying to dereference the NULL indio_dev->buffer:
> >>>
> >>>     266 int iio_buffer_register(struct iio_dev *indio_dev,
> >>>     267                         const struct iio_chan_spec *channels,
> >>>     268                         int num_channels)
> >>>     269 {
> >>>     270         struct iio_dev_attr *p;
> >>>     271         struct attribute **attr;
> >>>     272         struct iio_buffer *buffer = indio_dev->buffer;
> >>>     273         int ret, i, attrn, attrcount, attrcount_orig = 0;
> >>>     274
> >>> ==> 275         if (buffer->attrs)
> >>>     276                 indio_dev->groups[indio_dev->groupcounter++] = buffer->attrs;
> >>>
> >>> iio_dummy_probe() has the code to configure that buffer, however
> >>> iio_simple_dummy_configure_buffer() is defined to do nothing on
> >>> !CONFIG_IIO_SIMPLE_DUMMY_BUFFER..
> >>>
> >>>     448         /* Configure buffered capture support. */
> >>> ==> 449         ret = iio_simple_dummy_configure_buffer(indio_dev);
> >>>     450         if (ret < 0)
> >>>     451                 goto error_unregister_events;
> >>>     452
> >>>     453         /*
> >>>     454          * Register the channels with the buffer, but avoid the output
> >>>     455          * channel being registered by reducing the number of channels by 1.
> >>>     456          */
> >>>     457         ret = iio_buffer_register(indio_dev, iio_dummy_channels, 5);
> >>>     458         if (ret < 0)
> >>>     459                 goto error_unconfigure_buffer;
> >>>
> >>> Any ideas to fix it?
> >>>
> >>
> >> Hi,
> >>
> >> I think the best would be to move the iio_buffer_register to
> >> iio_simple_dummy_configure_buffer.
> >
> > Lars, thanks for the quick reply! Hmm, that looks more like a code
> > refactor recommendation than fix ;) In the simplest form, can the
> > bug be fixed like this?
> >
> > static inline int iio_simple_dummy_configure_buffer(struct iio_dev *indio_dev)
> > {
> > - return 0;
> > + return -1;
> > };
> >
>
> No, we want iio_simple_dummy_configure_buffer to be a noop if buffer support
> is disabled, since the driver works fine without it. Except for the issue
> you discovered. This issue only appears if CONFIG_IIO_BUFFER=y and
> CONFIG_IIO_SIMPLE_DUMMY_BUFFER=n. E.g. if both are not set the driver works
> fine without buffers.

OK.

> I can prepare a patch which moves the iio_buffer_register to
> iio_simple_dummy_configure_buffer if you want to.

That would be good, thank you very much!

Thanks,
Fengguang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
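
Review bot: in the stub iio_simple_dummy_configure_buffer(), changing "return 0;" to "return -1;" trips the quoted "if (ret < 0) goto error_unregister_events;" check in the probe path, so the dummy driver would fail to probe in every build where the stub is used instead of merely skipping buffer setup. A bare -1 also reads as -EPERM to callers; an error return here should be a named -E* code. Suggest leaving the stub at "return 0;" and making sure iio_buffer_register() is only reached when indio_dev->buffer has actually been set up.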
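
The ordering problem discussed in this thread, as an added example that is not code from the thread or from the kernel: a small userspace model comparing the quoted probe order with the proposed one where registration moves into the configure step. The struct layouts, the function names model_buffer_register, probe_as_quoted and probe_restructured, and the runtime flag buffer_enabled (standing in for CONFIG_IIO_SIMPLE_DUMMY_BUFFER) are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified stand-ins for the kernel types named in the thread. */
struct iio_buffer { const void *attrs; };
struct iio_dev { struct iio_buffer *buffer; int buffer_registered; };

static struct iio_buffer demo_buffer; /* constructed sample buffer */

/* Models iio_buffer_register(). The quoted kernel code reads buffer->attrs
 * with no check; this model reports that condition as -EFAULT instead of
 * crashing, so both probe orderings can be compared in one program. */
static int model_buffer_register(struct iio_dev *dev)
{
	if (dev->buffer == NULL)
		return -EFAULT;
	dev->buffer_registered = 1;
	return 0;
}

/* Probe order as quoted: configure (a no-op when buffer support is off),
 * then register unconditionally. buffer_enabled is a hypothetical runtime
 * stand-in for CONFIG_IIO_SIMPLE_DUMMY_BUFFER. */
static int probe_as_quoted(int buffer_enabled)
{
	struct iio_dev dev = { NULL, 0 };

	if (buffer_enabled)
		dev.buffer = &demo_buffer;      /* configure step */
	return model_buffer_register(&dev);     /* always reached */
}

/* Probe order proposed in the reply: registration lives inside the
 * configure step, so the no-op stub skips both and the probe succeeds. */
static int probe_restructured(int buffer_enabled)
{
	struct iio_dev dev = { NULL, 0 };

	if (!buffer_enabled)
		return 0;                       /* stub: driver works without buffers */
	dev.buffer = &demo_buffer;
	return model_buffer_register(&dev);
}
```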