lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 19 Feb 2015 19:31:56 +0900
From:	Mark Brown <broonie@...nel.org>
To:	Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH 2/2] regmap: Add range check in _regmap_raw_write()

On Thu, Feb 19, 2015 at 08:40:55AM +0000, Srinivas Kandagatla wrote:
> regmap_bulk_write() ends up using the path that invokes _regmap_raw_write(),
> however _regmap_raw_write() never checks if the registers that are accessed
> are actually within the accessible range. This results in kernel crashes when
> trying to access registers beyond max_registers.
> 
> This patch just adds check before accessing the register range.

>  	/* Check for unwritable registers before we start */
> -	if (map->writeable_reg)
> -		for (i = 0; i < val_len / map->format.val_bytes; i++)
> -			if (!map->writeable_reg(map->dev,
> -						reg + (i * map->reg_stride)))
> -				return -EINVAL;
> +	for (i = 0; i < count; i++)
> +		if (!regmap_writeable(map, reg + (i * map->reg_stride)))
> +			return -EINVAL;

Your changelog doesn't correspond to what the code is actually doing
here...  what you're actually doing here is replacing an open coding of
regmap_writeable() with calls to the function.

The same papering over the cracks concerns do apply here as well, it's
not immediately obvious that this is a good fix for the issue you
describe.

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists