Message-ID: <20150531172130.GA8669@wernerandy.de>
Date:	Sun, 31 May 2015 19:21:30 +0200
From:	Andreas Werner <andy@...nerandy.de>
To:	linux-kernel@...r.kernel.org
Cc:	gregkh@...uxfoundation.org, broonie@...nel.org
Subject: regmap: regmap-debugfs.c crash if max_register is not set

Hi,
I am currently working on a driver using regmap.

The test system is my MacBook Air, using the i2c-stub driver for the first tests.
The kernel is the Arch Linux kernel 4.0.2-1-ARCH.

The first thing I did after setting up all the ranges was to check the debugfs.
After I did a cat on the ranges debugfs entry, I got an oops.

[15776.817084] ------------[ cut here ]------------
[15776.817097] WARNING: CPU: 1 PID: 7165 at drivers/base/regmap/regmap-debugfs.c:151 regmap_debugfs_get_dump_start.part.0+0x1f7/0x260()
[15776.817099] Modules linked in: menaf07bmc(O) i2c_stub(O) regmap_i2c rpcsec_gss_krb5 auth_rpcgss oid_registry nfsv4 dns_resolver i2c_dev rfcomm 
fuse bnep videodev media joydev msr ax88179_178a usbnet mii mousedev hid_apple hid_generic uas snd_hda_codec_hdmi btusb bluetooth usbhid hid bcm5974 
nls_iso8859_1 nls_cp437 vfat fat wl(PO) iTCO_wdt iTCO_vendor_support evdev mac_hid coretemp intel_rapl iosf_mbi x86_pkg_temp_thermal 
intel_powerclamp kvm_intel kvm snd_hda_codec_cirrus snd_hda_codec_generic crct10dif_pclmul i915 crc32_pclmul crc32c_intel ghash_clmulni_intel 
applesmc led_class input_polldev hwmon snd_hda_intel snd_hda_controller snd_hda_codec snd_hwdep aesni_intel cfg80211 snd_pcm drm_kms_helper 
aes_x86_64 lrw snd_timer gf128mul glue_helper snd ablk_helper cryptd drm pcspkr thunderbolt i2c_i801
[15776.817160]  dw_dmac_pci sbs lpc_ich bdc_pci battery rfkill dw_dmac_core intel_gtt i2c_algo_bit sbshc i2c_core soundcore spi_pxa2xx_platform 
apple_bl video ac mei_me button mei shpchp processor sch_fq_codel nfs lockd grace sunrpc fscache ext4 crc16 mbcache jbd2 usb_storage sd_mod ahci 
libahci libata scsi_mod xhci_pci xhci_hcd usbcore usb_common [last unloaded: i2c_stub]
[15776.817193] CPU: 1 PID: 7165 Comm: cat Tainted: P        W  O    4.0.2-1-ARCH #1
[15776.817196] Hardware name: Apple Inc. MacBookAir6,1/Mac-35C1E88140C3E6CF, BIOS MBA61.88Z.0099.B09.1402071141 02/07/2014
[15776.817198]  0000000000000000 000000007c1475e9 ffff880137fcbda8 ffffffff81571be3
[15776.817202]  0000000000000000 0000000000000000 ffff880137fcbde8 ffffffff81074dda
[15776.817205]  ffffffffff10200f ffff88008999c118 ffff88008999c000 ffff88008999c118
[15776.817208] Call Trace:
[15776.817218]  [<ffffffff81571be3>] dump_stack+0x4c/0x6e
[15776.817226]  [<ffffffff81074dda>] warn_slowpath_common+0x8a/0xc0
[15776.817230]  [<ffffffff81074f0a>] warn_slowpath_null+0x1a/0x20
[15776.817234]  [<ffffffff81404c37>] regmap_debugfs_get_dump_start.part.0+0x1f7/0x260
[15776.817238]  [<ffffffff81405072>] regmap_reg_ranges_read_file+0xb2/0x280
[15776.817245]  [<ffffffff811d8d48>] __vfs_read+0x18/0x50
[15776.817248]  [<ffffffff811d8e07>] vfs_read+0x87/0x140
[15776.817252]  [<ffffffff811d8f19>] SyS_read+0x59/0xd0
[15776.817258]  [<ffffffff81577509>] system_call_fastpath+0x12/0x17
[15776.817260] ---[ end trace bd5c1e41e89c5481 ]---


My regmap config is as follows:
static const struct regmap_config menaf07_config = {
	.reg_bits = 8,
	.val_bits = 8,
	.wr_table = &menaf07bmc_writeable_table,
	.rd_table = &menaf07bmc_readable_table,
};

I checked the code in regmap-debugfs.c and found that the
regmap_debugfs_get_dump_start function uses max_register to iterate over
the ranges.

I set the max_register in the config to a valid value and everything worked fine.

In the documentation of the regmap_config struct, the max_register setting is defined as "optional".
Should it be defined as mandatory to prevent such an oops? Maybe we can also adapt regmap_init
to check max_register for a valid value.

Regards
Andy
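
A userspace C model of the init-time check the message proposes, added here as an illustration and not taken from the kernel or from the original post. The struct layouts, `check_config`, `count_dumpable` and the sample ranges are constructed assumptions, and 0 is treated as "max_register not set".

```c
/* Userspace model only: simplified stand-ins for the regmap structures. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct range { unsigned int min, max; };                        /* models a register range */
struct access_table { const struct range *yes; size_t n_yes; }; /* models an access table */
struct config {
    unsigned int max_register;          /* 0 means "not set" in this model */
    const struct access_table *rd_table, *wr_table;
};

/* Constructed sample data: two readable ranges, none of them containing register 0. */
static const struct range rd_ranges[] = { {0x10, 0x1f}, {0x40, 0x43} };
static const struct access_table rd = { rd_ranges, 2 };
const struct config unset_cfg = { 0, &rd, NULL };     /* like the config in the message */
const struct config fixed_cfg = { 0x43, &rd, NULL };  /* max_register set explicitly */

/* Highest register named by a table, or 0 for a missing or empty table. */
static unsigned int table_max(const struct access_table *t)
{
    unsigned int max = 0;
    for (size_t i = 0; t && i < t->n_yes; i++)
        if (t->yes[i].max > max)
            max = t->yes[i].max;
    return max;
}

/* Hypothetical init-time check: reject tables that reach past max_register. */
int check_config(const struct config *c)
{
    unsigned int r = table_max(c->rd_table), w = table_max(c->wr_table);
    return ((r > w ? r : w) > c->max_register) ? -EINVAL : 0;
}

/* Readable registers seen by a dump loop that is bounded by max_register. */
unsigned int count_dumpable(const struct config *c)
{
    unsigned int n = 0;
    for (unsigned int reg = 0; reg <= c->max_register; reg++)
        for (size_t i = 0; c->rd_table && i < c->rd_table->n_yes; i++)
            if (reg >= c->rd_table->yes[i].min && reg <= c->rd_table->yes[i].max) { n++; break; }
    return n;
}

int main(void)
{
    printf("unset: check=%d dumpable=%u\n", check_config(&unset_cfg), count_dumpable(&unset_cfg));
    printf("fixed: check=%d dumpable=%u\n", check_config(&fixed_cfg), count_dumpable(&fixed_cfg));
    return 0;
}
```

With max_register unset, the bounded loop in this model finds no readable register at all, which is the condition a check at init time would catch before anything reads the debugfs file.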