Date:	Tue, 17 Feb 2015 15:16:48 +0100
From:	Maxime Ripard <maxime.ripard@...e-electrons.com>
To:	박용배 <yongbae2@...il.com>
Cc:	daniel.lezcano@...aro.org, tglx@...utronix.de,
	linux-kernel@...r.kernel.org
Subject: Re: null pointer dereference error in timer-sun5i.c

Hi,

On Mon, Feb 16, 2015 at 04:36:06PM +0900, 박용배 wrote:
> Hello. My name is Yongbae Park.
> 
> I would like to report a possible null pointer dereference error at
> sun5i_timer_interrupt() in drivers/clocksource/timer-sun5i.c (version:
> 3.19-rc5). The null pointer dereference error occurs if the interrupt
> handler sun5i_timer_interrupt() accesses evt->event_handler (line 128) when
> evt->event_handler is null and not defined by sun5i_timer_init().
> 
> sun5i_timer_init() first registers sun5i_timer_interrupt() as the interrupt
> handler at line 181, and then defines the clockevent handler at line 192.
> As a consequence, the interrupt handler can be executed before the
> clockevent handler definition when an interrupt occurs between line 181 and
> line 192. The detailed error scenario is the following:

That's very true. Thanks for reporting it.

However, this shouldn't really happen in real life, since the hstimers
are never used by the bootloader (which means that we don't have a
running timer already), and that this isn't the default timer as well
(so we don't program it either).

The only case where this could happen (in the default case), would be
a spurious interrupt.

Did you encounter this bug in real life?

Would you care to make a patch for this issue, similar to the patches
you pointed at, since you're the one who found this issue?

Thanks,
Maxime

-- 
Maxime Ripard, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
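
The ordering window described in the report above, as an added example that is not part of the original thread or of the driver: a userspace C model in which every name is constructed, a latched spurious interrupt is delivered the moment the handler is installed, and the NULL call is reported as -1 instead of crashing. Registering the clockevent before the IRQ is shown as one possible reordering; that is an assumption, not the patch referred to in the thread.

```c
#include <stddef.h>

/* Userspace model; all names are constructed, not the driver's code. */
struct clock_event_device {
    void (*event_handler)(struct clock_event_device *);
};
typedef int (*irq_handler_t)(struct clock_event_device *);

static int ticks;        /* events delivered to the clockevent handler */
static int irq_pending;  /* models a spurious interrupt already latched */

static void tick_handler(struct clock_event_device *evt) { (void)evt; ticks++; }

/* Models the interrupt handler: returns -1 at the point where a real
 * handler would call through a NULL event_handler. */
static int timer_interrupt(struct clock_event_device *evt)
{
    if (evt->event_handler == NULL)
        return -1;
    evt->event_handler(evt);
    return 0;
}

/* Models installing the IRQ handler: a latched interrupt fires as soon
 * as the handler is live. Returns the handler result, 0 if nothing fired. */
static int model_request_irq(irq_handler_t h, struct clock_event_device *evt)
{
    int rc = 0;
    if (irq_pending) { irq_pending = 0; rc = h(evt); }
    return rc;
}

static void model_register_clockevent(struct clock_event_device *evt)
{
    evt->event_handler = tick_handler;
}

/* Order described in the report: IRQ handler first, clockevent second. */
int init_irq_first(int spurious)
{
    struct clock_event_device evt = { NULL };
    irq_pending = spurious;
    int rc = model_request_irq(timer_interrupt, &evt);
    model_register_clockevent(&evt);
    return rc;
}

/* Reordered (assumed fix): event_handler is set before the IRQ is live. */
int init_clockevent_first(int spurious)
{
    struct clock_event_device evt = { NULL };
    irq_pending = spurious;
    model_register_clockevent(&evt);
    return model_request_irq(timer_interrupt, &evt);
}
```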
