lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <536CBC5E.5070202@hurleysoftware.com>
Date:	Fri, 09 May 2014 07:30:38 -0400
From:	Peter Hurley <peter@...leysoftware.com>
To:	Lee Jones <lee.jones@...aro.org>,
	Linus Walleij <linus.walleij@...aro.org>
CC:	Vincent Donnefort <vdonnefort@...il.com>,
	Linux kernel <linux-kernel@...r.kernel.org>
Subject: Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

On 05/09/2014 03:20 AM, Lee Jones wrote:
> On Thu, 08 May 2014, Linus Walleij wrote:
>
>> On Wed, May 7, 2014 at 4:33 PM, Peter Hurley <peter@...leysoftware.com> wrote:
>>> Hi Vincent,
>>>
>>> On 05/07/2014 10:05 AM, Vincent Donnefort wrote:
>>>>
>>>> Hello Peter,
>>>
>>>
>>>>> This is almost certainly caused by the uninitialized regs ptr
>>>>> in the ich6_desc struct (i3100_desc struct has the same problem)
>>>>> introduced in this commit:
>>>>>
>>>>> commit bb62a35bd5d96e506af0ea8dd145480b9172a2a6
>>>>> Author: Vincent Donnefort <vdonnefort@...il.com>
>>>>> Date:   Fri Feb 14 15:01:56 2014 +0100
>>>>>
>>>>>       gpio: ich: Add support for multiple register addresses
>>>>>
>>>>>       This patch introduces regs and reglen pointers which allow a chipset
>>>>> to have
>>>>>       register addresses differing from ICH ones.
>>>>>
>>>>>       Acked-by: Linus Walleij <linus.walleij@...aro.org>
>>>>>       Signed-off-by: Vincent Donnefort <vdonnefort@...il.com>
>>>>>       Signed-off-by: Lee Jones <lee.jones@...aro.org>
>>>>>
>>>>
>>>> Yes indeed, this must be linked to this thread
>>>> https://lkml.org/lkml/2014/4/15/292
>>>
>>>
>>> Thanks for the link.
>>>
>>> I searched through LKML but without the driver name or the offending
>>> function
>>> in the commit message I couldn't find it.
>>>
>>> Linus,
>>>
>>> What tree is this bug fix trapped in? I see it didn't make -rc4 either.
>>
>> Since the last signoff is Lee I guess it's in the MFD tree?
>
> This patch is in Mainline.
>
> Search for $SUBJECT.

Hmmm. Search for '[PATCH] gpio: ich: set regs and reglen for i3100 and ich6 chipset'
(which is the bug fix for the buggy commit) turns up nothing in mainline.

This bug was reported on April 14 in -rc1 by Eric Paris here
http://lkml.iu.edu/hypermail/linux/kernel/1404.1/03833.html
and _fixed_ a day later on April 15 by Vincent Donnefort here
https://lkml.org/lkml/2014/4/15/292
It was signed off by Linus Walleij on the same day here
https://lkml.org/lkml/2014/4/22/1128

Since this bug fix never made it to mainline, I re-discovered
the bug in -rc3 and reported it here
http://lists-archives.com/linux-kernel/28051348-bug-null-ptr-dereference-in-ichx_gpio_request_regions.html
(presumably, you received a copy of that email).
Vincent replied with the link to the previous bug fix.

Since that time, I have been trying to find in which tree that
bug fix is stuck, but I just keep getting replies which show
an uncareful reading of this thread.

Regards,
Peter Hurley
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ