| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180919213051.199105-1-yuzhao@google.com>
Date: Wed, 19 Sep 2018 15:30:51 -0600
From: Yu Zhao <yuzhao@...gle.com>
To: Mark Brown <broonie@...nel.org>
Cc: Liam Girdwood <lgirdwood@...il.com>, linux-kernel@...r.kernel.org,
Yu Zhao <yuzhao@...gle.com>
Subject: [PATCH] regulator: fix crash caused by null driver data
dev_set_drvdata() needs to be called before device_register()
exposes device to userspace. Otherwise kernel crashes after it
gets null pointer from dev_get_drvdata() when userspace tries
to access sysfs entries.
[ 25.566073] general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 25.621976] gsmi: Log Shutdown Reason 0x03
<snipped>
[ 25.747085] Call Trace:
[ 25.749532] name_show+0x51/0x6f
[ 25.752760] dev_attr_show+0x59/0xa0
[ 25.756333] ? device_namespace+0x9e/0x9e
[ 25.760339] sysfs_kf_seq_show+0x228/0x33b
[ 25.764434] seq_read+0x74f/0xd58
[ 25.767747] ? set_track+0x63/0xfa
[ 25.771148] ? kzalloc+0xf/0xf
[ 25.774200] ? _copy_to_user+0x87/0x9a
[ 25.777947] __vfs_read+0x106/0x320
[ 25.781433] ? mandatory_lock+0x94/0x94
[ 25.785267] ? fsnotify_unmount_inodes+0x17d/0x17d
[ 25.790053] ? inode_security+0x17/0x40
[ 25.793885] ? selinux_file_permission+0x176/0x342
[ 25.798670] ? security_file_permission+0x77/0x98
[ 25.803369] vfs_read+0xf3/0x197
[ 25.806595] SyS_read+0xfa/0x19b
[ 25.809822] ? file_end_write+0x91/0x91
[ 25.813653] ? filp_close+0xdb/0x100
[ 25.817225] ? file_end_write+0x91/0x91
[ 25.821057] do_syscall_64+0x184/0x1bb
[ 25.824804] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
<snipped>
[ 25.895502] RIP: rdev_get_name+0x29/0xa5 RSP: ffff8801d45779f0
[ 26.550863] ---[ end trace fb2a7bb4f63aeba5 ]---
Signed-off-by: Yu Zhao <yuzhao@...gle.com>
---
drivers/regulator/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 5f2218c67edf..69565ff65800 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -4404,13 +4404,13 @@ regulator_register(const struct regulator_desc *regulator_desc,
!rdev->desc->fixed_uV)
rdev->is_switch = true;
+ dev_set_drvdata(&rdev->dev, rdev);
ret = device_register(&rdev->dev);
if (ret != 0) {
put_device(&rdev->dev);
goto unset_supplies;
}
- dev_set_drvdata(&rdev->dev, rdev);
rdev_init_debugfs(rdev);
/* try to resolve regulators supply since a new one was registered */
--
2.19.0.397.gdd90340f6a-goog
Powered by blists - more mailing lists