| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Aug 2017 14:10:03 +0300
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: Masami Hiramatsu <mhiramat@...nel.org>
Cc: Linus Walleij <linus.walleij@...aro.org>,
"linux-gpio@...r.kernel.org" <linux-gpio@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
Masami Hiramatsu <masami.hiramatsu@...aro.org>,
Jassi Brar <jaswinder.singh@...aro.org>
Subject: Re: [PATCH v2] [BUGFIX] gpio: reject invalid gpio before getting gpio_desc
On Mon, Jul 31, 2017 at 4:57 AM, Masami Hiramatsu <mhiramat@...nel.org> wrote:
> Check user-given gpio number and reject it before
> calling gpio_to_desc() because gpio_to_desc() is
> for kernel driver and it expects given gpio number
> is valid (means 0 to 511).
> If given number is invalid, gpio_to_desc() calls
> WARN() and dump registers and stack for debug.
> This means user can easily kick WARN() just by
> writing invalid gpio number (e.g. 512) to
> /sys/class/gpio/export.
>
Reviewed-by: Andy Shevchenko <andy.shevchenko@...il.com>
(2 bikesheds below)
> Fixes: 0e9a5edf5d01 ("gpio: fix deferred probe detection for legacy API")
> Signed-off-by: Masami Hiramatsu <mhiramat@...nel.org>
> ---
> Changes in v2:
> - Add gpio_to_valid_desc() according to Andy's comment (Thanks!).
> - Fix patch description.
> ---
> drivers/gpio/gpiolib-sysfs.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpio/gpiolib-sysfs.c b/drivers/gpio/gpiolib-sysfs.c
> index 4b44dd97c07f..819f36258925 100644
> --- a/drivers/gpio/gpiolib-sysfs.c
> +++ b/drivers/gpio/gpiolib-sysfs.c
> @@ -2,6 +2,7 @@
> #include <linux/mutex.h>
> #include <linux/device.h>
> #include <linux/sysfs.h>
> +#include <linux/gpio.h>
> #include <linux/gpio/consumer.h>
> #include <linux/gpio/driver.h>
> #include <linux/interrupt.h>
> @@ -432,6 +433,11 @@ static struct attribute *gpiochip_attrs[] = {
> };
> ATTRIBUTE_GROUPS(gpiochip);
>
> +static struct gpio_desc *gpio_to_valid_desc(int gpio)
> +{
> + return gpio_is_valid(gpio) ? gpio_to_desc(gpio) : NULL;
> +}
> +
> /*
> * /sys/class/gpio/export ... write-only
> * integer N ... number of GPIO to export (full access)
> @@ -450,7 +456,8 @@ static ssize_t export_store(struct class *class,
> if (status < 0)
> goto done;
>
> - desc = gpio_to_desc(gpio);
> + desc = gpio_to_valid_desc(gpio);
> +
No need, if you wish better to put modified line after comment.
> /* reject invalid GPIOs */
> if (!desc) {
> pr_warn("%s: invalid GPIO %ld\n", __func__, gpio);
> @@ -492,7 +499,8 @@ static ssize_t unexport_store(struct class *class,
> if (status < 0)
> goto done;
>
> - desc = gpio_to_desc(gpio);
> + desc = gpio_to_valid_desc(gpio);
> +
Ditto.
> /* reject bogus commands (gpio_unexport ignores them) */
> if (!desc) {
> pr_warn("%s: invalid GPIO %ld\n", __func__, gpio);
>
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists