lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130918083155.GB10126@pengutronix.de>
Date:	Wed, 18 Sep 2013 10:31:55 +0200
From:	Markus Pargmann <mpa@...gutronix.de>
To:	Russell King - ARM Linux <linux@....linux.org.uk>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	kernel@...gutronix.de, linux-kernel@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org
Subject: Re: dev->of_node overwrite can cause device loading with different
 driver

On Sat, Sep 14, 2013 at 01:28:09PM +0100, Russell King - ARM Linux wrote:
> On Sat, Sep 14, 2013 at 05:17:29AM -0700, Greg Kroah-Hartman wrote:
> > On Sat, Sep 14, 2013 at 09:16:53AM +0200, Markus Pargmann wrote:
> > > 3. We could fix up all drivers that change the of_node. But there are
> > >    ARM DT frameworks that require a device struct as parameter instead
> > >    of a device_node parameter (e.g. soc-generic-dmaengine-pcm). So a
> > >    driver core, initialized by a glue driver with DT bindings, has to
> > >    set dev->of_node to use those frameworks. I think it is strange to
> > >    have such DT framework interfaces if a driver is not supposed to
> > >    overwrite dev->of_node permanently.
> > 
> > How about any driver that does muck with this structure, restore it
> > properly if their probe() function fails?  Yes, you show that this is
> > going to be tricky in some places (i.e. musb), but it makes sense that
> > the burden of fixing this issue would rest on them, as they are the ones
> > causing this problem, right?
> 
> It's not about overwriting at all.

musb does not overwrite of_node, but other drivers do, e.g. USB chipidea
core driver which uses its parent of_node. When probe fails in this
case, we could end up with similar issues.

Regards,

Markus

> 
> It's quite simple:
> 
> 1. OF creates a platform device and attaches an of_node to it.
> 2. This platform device is matched using the data in the of_node structure
>    against one of the MUSB stub drivers.
> 3. The MUSB stub driver creates a new platform device, and copies the
>    of_node to it, and registers it.
> 4. This new platform device _can_ itself be matched against the stub
>    driver using the of_node structure.  When this happens, go to step
>    2 and repeat 2-4.
> 
> That's where the problem is - it's not about overwriting an existing
> platform device's of_node pointer with something that the driver has
> dreamt up at all.
> 
> If we're lucky, step 3.5 would be "match against the 'musb-hdrc' driver
> and successfully probe it" which is the only thing that would break
> the above loop.
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ