lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CACRpkdYG6FK4h8_ZLCWkHSreZPRewEjysiMNtDV2pa4AykuHsw@mail.gmail.com>
Date:   Mon, 1 Oct 2018 13:46:48 +0200
From:   Linus Walleij <linus.walleij@...aro.org>
To:     yanjiang.jin@...-semitech.com
Cc:     jinyanjiang@...il.com, yu.zheng@...-semitech.com,
        "open list:GPIO SUBSYSTEM" <linux-gpio@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] pinctrl: core: make sure strcmp() doesn't get a null parameter

On Sat, Sep 29, 2018 at 11:07 AM Yanjiang Jin
<yanjiang.jin@...-semitech.com> wrote:

> Some drivers, for example, QCOM's qdf2xxx, set groups[gpio].name only
> when gpio is valid, and leave invalid gpio names as null.
> If we want to access the sys node "pinconf-groups",
> pinctrl_get_group_selector() -> get_group_name() may return a null
> pointer if group_selector is invalid, then the below Kernel panic
> would happen since strcmp() uses this null pointer to do comparison.
>
>  Unable to handle kernel NULL pointer dereference at ss 00000000
> el:Internal error: Oops: 9600000[ 143.080279]
> SMP
>  CPU: 19 PID: 2493 Comm: read_all Tainted: G O
> .aarch64 #1
>  Hardware name: HXT Semiconductor HXT REP-2 System
>  PC is at strcmp+0x18/0x154
>  LR is at pinctrl_get_group_selector+0x6c/0xe8
>  Process read_all (pid: 2493, stack limit =
>  Call trace:
>  Exception stack
>   strcmp+0x18/0x154
>   pin_config_group_get+0x64/0xd8
>   pinconf_generic_dump_one+0xd8/0x1c0
>   pinconf_generic_dump_pins+0x94/0xc8
>   pinconf_groups_show+0xb4/0x104
>   seq_read+0x178/0x464
>   full_proxy_read+0x6c/0xac
>   __vfs_read+0x58/0x178
>   vfs_read+0x94/0x164
>   SyS_read+0x60/0xc0
>   __sys_trace_return+0x0/0x4
>  --[ end trace]--
>  Kernel panic - not syncing: Fatal exception
>
> Signed-off-by: Yanjiang Jin <yanjiang.jin@...-semitech.com>

Good catch!

Patch applied.

Yours,
Linus Walleij

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ