lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 12 Nov 2018 16:37:21 +0100
From:   Martin Kaiser <martin@...ser.cx>
To:     Leonard Crestez <leonard.crestez@....com>
Cc:     "A.s. Dong" <aisheng.dong@....com>,
        Fabio Estevam <festevam@...il.com>,
        Linus Walleij <linus.walleij@...aro.org>,
        Shawn Guo <shawnguo@...nel.org>,
        Stefan Agner <stefan@...er.ch>,
        Pengutronix Kernel Team <kernel@...gutronix.de>,
        "linux-gpio@...r.kernel.org" <linux-gpio@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        dl-linux-imx <linux-imx@....com>
Subject: Re: [PATCH] pinctrl: imx: make sure that maps are fully initialized

Hi Leonard,

Thus wrote Leonard Crestez (leonard.crestez@....com):

> On 11/10/18 7:37 PM, Martin Kaiser wrote:
> > The commit that added scu based pinctrl support introduced a regression
> > for the mmio case. In the for-loop where the maps are initialized, we
> > end up creating a partially initialized map in some cases. This causes a
> > kernel panic when such a map is used at a later stage.

> > Fixes: b96eea718bf6 ("pinctrl: fsl: add scu based pinctrl support")
> > Cc: A.s. Dong <aisheng.dong@....com>

> > diff --git a/drivers/pinctrl/freescale/pinctrl-imx.c b/drivers/pinctrl/freescale/pinctrl-imx.c
> > @@ -108,9 +108,6 @@ static int imx_dt_node_to_map(struct pinctrl_dev *pctldev,
> >   	new_map++;
> >   	for (i = j = 0; i < grp->num_pins; i++) {
> >   		pin = &((struct imx_pin *)(grp->data))[i];
> > -		new_map[j].type = PIN_MAP_TYPE_CONFIGS_PIN;
> > -		new_map[j].data.configs.group_or_pin =
> > -					pin_get_name(pctldev, pin->pin);

> >   		if (info->flags & IMX_USE_SCU) {
> >   			/*
> > @@ -126,7 +123,12 @@ static int imx_dt_node_to_map(struct pinctrl_dev *pctldev,
> >   			new_map[j].data.configs.num_configs = 1;
> >   		}

> > -		j++;
> > +		if (new_map[j].data.configs.num_configs) {
> > +			new_map[j].type = PIN_MAP_TYPE_CONFIGS_PIN;
> > +			new_map[j].data.configs.group_or_pin =
> > +				pin_get_name(pctldev, pin->pin);
> > +			j++;
> > +		}

> Sorry but I don't think this is correct.

> The new_map array is allocated with kmalloc_array so we can't rely on 
> new_map[j].data.configs.num_configs being initialized to zero unless 
> assigned to.

you're right. There's no guarantee that the memory area is initialized
to 0.

Regards,
Martin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ