lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20151112161413.GB3913@ulmo>
Date:	Thu, 12 Nov 2015 17:14:13 +0100
From:	Thierry Reding <thierry.reding@...il.com>
To:	LABBE Corentin <clabbe.montjoie@...il.com>
Cc:	Uwe Kleine-König 
	<u.kleine-koenig@...gutronix.de>,
	LABBE Corentin <montjoie.mailing@...il.com>, gnurou@...il.com,
	ldewangan@...dia.com, swarren@...dotorg.org, wsa@...-dreams.de,
	linux-i2c@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-tegra@...r.kernel.org
Subject: Re: [PATCH] i2c: tegra: fix a possible NULL dereference

On Thu, Nov 12, 2015 at 03:54:58PM +0100, LABBE Corentin wrote:
> On Thu, Nov 12, 2015 at 02:55:00PM +0100, Thierry Reding wrote:
> > On Thu, Nov 12, 2015 at 02:45:20PM +0100, Uwe Kleine-König wrote:
> > > On Thu, Nov 12, 2015 at 02:28:37PM +0100, Thierry Reding wrote:
> > > > On Thu, Nov 12, 2015 at 01:54:22PM +0100, LABBE Corentin wrote:
> > > > > On Thu, Nov 12, 2015 at 01:29:23PM +0100, Thierry Reding wrote:
> > > > > > On Thu, Nov 12, 2015 at 08:26:03AM +0100, LABBE Corentin wrote:
> > > > > > > of_match_device could return NULL, and so cause a NULL pointer
> > > > > > 
> > > > > > No. There is no way that of_match_device() can ever fail. The driver
> > > > > > core uses the same table to match the OF device to the driver, so the
> > > > > > only case where of_match_device() would return NULL is if no match was
> > > > > > found, in which case the tegra_i2c_probe() function would never have
> > > > > > been called in the first place.
> > > > > > 
> > > > > > Thierry
> > > > > > 
> > > > > 
> > > > > In a parallel thread for i2c-rcar, the conclusion was different.
> > > > > https://lkml.org/lkml/2015/11/12/83
> > > > 
> > > > The conclusion was the same: there should be no case where this happens.
> > > > The example that Uwe gave is hypothetical and not valid DT in the first
> > > > place. So instead of chickening out I think it'd be better to just crash
> > > > to make sure people fix the DT.
> > > 
> > > It depends in your trust in the DT. Just because it's not advisable to
> > > do something that is not documented usually isn't a good excuse to not
> > > handle broken input. That't the case for webserver requests, arguments
> > > to system calls and several more. I admit DT is a bit special because
> > > you have to assume it's trusted, but still handling errors in a sane way
> > > is IMHO nice.
> > 
> > Given that it's supposed to be provided by firmware and possibly from a
> > ROM, crashing might be a better motivation for fixing it than erroring
> > out, which people might just ignore or not notice until it's too late.
> > 
> > > > On a side-note I think that platform_match() should be stricter and do
> > > > something like this instead:
> > > > 
> > > > 	if (dev->of_node) {
> > > > 		if (of_driver_match_device(dev, drv))
> > > > 			return 1;
> > > > 
> > > > 		return 0;
> > > > 	}
> > > That's equivalent to
> > > 
> > > 	if (dev->of_node)
> > > 		return of_driver_match_device(dev, drv);
> > > 
> > > and was already suggested in the thread referenced from my reply to
> > > http://article.gmane.org/gmane.linux.kernel/2083641 :-)
> > 
> > Ah, too many cross-reference =) FWIW:
> > 
> > Acked-by: Thierry Reding <treding@...dia.com>
> > 
> 
> Just for be sure, since the thread goes in lot of direction, you ack my patch ?
> Perhaps is it better that I resent a version which use of_device_get_match_data() ?

No, the Acked-by was for Uwe's proposal to modify platform_match(). I
think if we want to gracefully handle these cases, then the right way to
do so is by having the driver core not fallback to name matches for
devices instantiated from device tree.

Sorry for being unclear.

Thierry

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ