| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150219103156.GD3198@finisterre.sirena.org.uk>
Date: Thu, 19 Feb 2015 19:31:56 +0900
From: Mark Brown <broonie@...nel.org>
To: Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH 2/2] regmap: Add range check in _regmap_raw_write()
On Thu, Feb 19, 2015 at 08:40:55AM +0000, Srinivas Kandagatla wrote:
> regmap_bulk_write() ends up using the path that invokes _regmap_raw_write(),
> however _regmap_raw_write() never checks if the registers that are accessed
> are actually within the accessible range. This results in kernel crashes when
> trying to access registers beyond max_registers.
>
> This patch just adds check before accessing the register range.
> /* Check for unwritable registers before we start */
> - if (map->writeable_reg)
> - for (i = 0; i < val_len / map->format.val_bytes; i++)
> - if (!map->writeable_reg(map->dev,
> - reg + (i * map->reg_stride)))
> - return -EINVAL;
> + for (i = 0; i < count; i++)
> + if (!regmap_writeable(map, reg + (i * map->reg_stride)))
> + return -EINVAL;
Your changelog doesn't correspond to what the code is actually doing
here... what you're actually doing here is replacing an open coding of
regmap_writeable() with calls to the function.
The same papering over the cracks concerns do apply here as well, it's
not immediately obvious that this is a good fix for the issue you
describe.
Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists