lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150422164701.GJ20701@google.com>
Date:	Wed, 22 Apr 2015 11:47:01 -0500
From:	Bjorn Helgaas <bhelgaas@...gle.com>
To:	Ricardo Ribalda Delgado <ricardo.ribalda@...il.com>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Grant Likely <grant.likely@...aro.org>,
	Rob Herring <robh+dt@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Jakub Sitnicki <jsitnicki@...il.com>,
	Vivek Goyal <vgoyal@...hat.com>,
	Jiang Liu <jiang.liu@...ux.intel.com>,
	Mike Travis <travis@....com>,
	Thierry Reding <treding@...dia.com>,
	linux-kernel@...r.kernel.org, devicetree@...r.kernel.org
Subject: Re: [PATCH v3 1/4] kernel/resource: Invalid memory access in
 __release_resource

On Wed, Apr 22, 2015 at 06:14:18PM +0200, Ricardo Ribalda Delgado wrote:
> When a resource is initialized via of_platform_populate.
> resource->parent is initialized to NULL via kzalloc.
> (of_platform_populate->of_device_alloc->of_address_to_resource)
> 
> If of_platform_depopulate is called later, resource->parent is
> accessed (Offset 0x30 of address 0), causing a kernel error.
> 
> This patch evaluates resouce->parent before accessing it. If it
> is not initialized, -EACCESS is returned.
> 
> Also a WARN is thrown, so the developer can have a hint about what
> needs to be fixed.
> 
> Fixes:
> BUG: unable to handle kernel NULL pointer deference at 0000000000000030
> IP: release_resource+0x26/0x90
> Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@...il.com>
> ---
>  kernel/resource.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/kernel/resource.c b/kernel/resource.c
> index 90552aa..b7b270f 100644
> --- a/kernel/resource.c
> +++ b/kernel/resource.c
> @@ -237,6 +237,9 @@ static int __release_resource(struct resource *old)
>  {
>  	struct resource *tmp, **p;
>  
> +	if (WARN_ON(!old->parent))
> +		return -EINVAL;

I'm not really a fan of this.  The NULL pointer oops is a very good clue
all by itself, and it doesn't require any extra code here.

>  	p = &old->parent->child;
>  	for (;;) {
>  		tmp = *p;
> -- 
> 2.1.4
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ