Message-ID: <5530D6D2.8080103@gmx.at>
Date:	Fri, 17 Apr 2015 11:48:02 +0200
From:	Manfred Schlaegl <manfred.schlaegl@....at>
To:	Jean-Christophe Plagniol-Villard <plagnioj@...osoft.com>,
	Tomi Valkeinen <tomi.valkeinen@...com>
CC:	Manfred Schlaegl <manfred.schlaegl@....at>,
	linux-fbdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	Manfred Schlaegl <manfred.schlaegl@...zinger.com>
Subject: [PATCH] video/logo: fix use logo after free prevention

After 92b004d1aa9f367c372511ca0330f58216b25703 the logos disappeared on
Freescale i.MX53 and i.MX6 SoCs (detected on linux-3.12.37).
This happens because the fb_find_logo function is validly called
(initdata still not freed) AFTER newly introduced latecall
fb_logo_late_init.

Instead of setting a logos_freed flag somewhere in lateinit, this patch
uses system_state==SYSTEM_BOOTING as indication for valid initdata.

Signed-off-by: Manfred Schlaegl <manfred.schlaegl@....at>
---
 drivers/video/logo/logo.c |   21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/drivers/video/logo/logo.c b/drivers/video/logo/logo.c
index 10fbfd8..ad37561 100644
--- a/drivers/video/logo/logo.c
+++ b/drivers/video/logo/logo.c
@@ -21,21 +21,6 @@ static bool nologo;
 module_param(nologo, bool, 0);
 MODULE_PARM_DESC(nologo, "Disables startup logo");
 
-/*
- * Logos are located in the initdata, and will be freed in kernel_init.
- * Use late_init to mark the logos as freed to prevent any further use.
- */
-
-static bool logos_freed;
-
-static int __init fb_logo_late_init(void)
-{
-	logos_freed = true;
-	return 0;
-}
-
-late_initcall(fb_logo_late_init);
-
 /* logo's are marked __initdata. Use __init_refok to tell
  * modpost that it is intended that this function uses data
  * marked __initdata.
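
Review bot: With logos_freed and fb_logo_late_init removed, the comment kept at the end of this hunk ("logo's are marked __initdata. Use __init_refok ...") and the new comment inside fb_find_logo each explain half of the same lifetime rule. Consider folding them into one comment ahead of the function, so the reason for __init_refok and the condition under which the data may still be read sit together. The changelog also cites the earlier commit by hash only; adding its subject line and a Fixes: tag would make the regression easier to track for stable trees, since it was observed on linux-3.12.37.
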
@@ -44,7 +29,11 @@ const struct linux_logo * __init_refok fb_find_logo(int depth)
 {
 	const struct linux_logo *logo = NULL;
 
-	if (nologo || logos_freed)
+	/*
+	 * Logos are located in the initdata, and will be freed in kernel_init.
+	 * Use system_state to determine, if initdata is still useable.
+	 */
+	if (nologo || system_state != SYSTEM_BOOTING)
 		return NULL;
 
 	if (depth >= 1) {
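
Review bot: The new test `system_state != SYSTEM_BOOTING` in fb_find_logo is a safe stand-in for "initdata is still present" only if system_state leaves SYSTEM_BOOTING no later than the point where init memory is released, and the added comment says the logos are freed in kernel_init without saying how that free is ordered against the state change. If the free comes first, there is a window in which this check passes while the logo data is already gone, which is the use after free the removed logos_freed flag was meant to prevent. Please document the ordering in the comment or the changelog, and say why no caller of fb_find_logo can run inside that window. Since system_state is now referenced here, it is also worth confirming that logo.c includes the header that declares it rather than relying on an indirect include. Minor: "useable" should be "usable", and the comma after "determine" can go.
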
-- 
1.7.10.4
