Date:	Thu, 14 Jul 2016 14:05:02 +0200
From:	Rodolfo Giometti <giometti@...eenne.com>
To:	Jiri Slaby <jslaby@...e.cz>, akpm@...ux-foundation.org
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH -resend] pps: do not crash when failed to register

On 07/14/16 13:52, Jiri Slaby wrote:
> With this command sequence:
>   modprobe plip
>   modprobe pps_parport
>   rmmod pps_parport
> the partport_pps module causes this crash:
>
> ===
>
> BUG: unable to handle kernel NULL pointer dereference at           (null)
> IP: [<ffffffffa110301d>] parport_detach+0x1d/0x60 [pps_parport]
> Oops: 0000 [#1] SMP
> ...
> Call Trace:
>   [<ffffffffa036a185>] parport_unregister_driver+0x65/0xc0 [parport]
>   [<ffffffff810ff667>] SyS_delete_module+0x187/0x210
>
> ===
>
> 1) plip is loaded and takes the parport device for exclusive use:
>    plip0: Parallel port at 0x378, using IRQ 7.
>
> 2) pps_parport then fails to grab the device:
>    pps_parport: parallel port PPS client
>    parport0: cannot grant exclusive access for device pps_parport
>    pps_parport: couldn't register with parport0
>
> 3) rmmod of pps_parport is then killed because it tries to access
>     pardev->name, but pardev (taken from port->cad) is NULL.
>
> So add a check for NULL in the test there too.
>
> Signed-off-by: Jiri Slaby <jslaby@...e.cz>
> Cc: Rodolfo Giometti <giometti@...eenne.com>
> ---
>   drivers/pps/clients/pps_parport.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
> index 38a8bbe74810..83797d89c30f 100644
> --- a/drivers/pps/clients/pps_parport.c
> +++ b/drivers/pps/clients/pps_parport.c
> @@ -195,7 +195,7 @@ static void parport_detach(struct parport *port)
>   	struct pps_client_pp *device;
>
>   	/* FIXME: oooh, this is ugly! */
> -	if (strcmp(pardev->name, KBUILD_MODNAME))
> +	if (!pardev || strcmp(pardev->name, KBUILD_MODNAME))
>   		/* not our port */
>   		return;
>
>
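Review bot: the new `!pardev` test in parport_detach() carries no comment saying when pardev can legitimately be NULL. The commit message gives the reason (pps_parport failed to register with the port, so the pardev taken from port->cad is NULL at rmmod time), but in the code the condition sits under the existing FIXME only. A one-line comment above the `if`, along the lines of "pardev is NULL when we never registered with this port", would keep that reason next to the check. Ownership is also still decided by comparing pardev->name with KBUILD_MODNAME, which the FIXME already flags; recording whether attach succeeded for this port would make both the NULL test and the string compare unnecessary, and could be done as a follow-up.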

Acked-by: Rodolfo Giometti <giometti@...eenne.com>

-- 

HCE Engineering                      e-mail: giometti@...-engineering.com
GNU/Linux Solutions                          giometti@...eenne.com
Linux Device Driver                          giometti@...ux.it
Embedded Systems                     phone:  +39 349 2432127
UNIX programming                     skype:  rodolfo.giometti
Cosino Project - the quick prototyping embedded system - www.cosino.io
Freelance ICT Italia - Consulente ICT Italia - www.consulenti-ict.it
