lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <76b17374-b58a-a8f8-db8a-75ef28632a0a@st.com>
Date:   Wed, 30 Jan 2019 08:58:49 +0000
From:   Gabriel FERNANDEZ <gabriel.fernandez@...com>
To:     Ken Sloat <ken.sloat@...linxelectronics.com>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>
CC:     Dan Carpenter <dan.carpenter@...cle.com>,
        linux-input <linux-input@...r.kernel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        "Nate Drude" <nate.drude@...linxelectronics.com>,
        Giuseppe CONDORELLI <giuseppe.condorelli@...com>
Subject: Re: [bug report] Input: add st-keyscan driver

Hi all,

I prefer to fix it. I guess people used their own correction.

I will send you a fix  asap.


Best Regards


Gabriel


On 1/27/19 2:20 AM, Ken Sloat wrote:
> On Sat, Jan 26, 2019 at 5:15 PM Dmitry Torokhov
> <dmitry.torokhov@...il.com> wrote:
>> On Sat, Jan 26, 2019 at 1:25 PM Ken Sloat
>> <ken.sloat@...linxelectronics.com> wrote:
>>> On Tue, Jan 22, 2019 at 1:53 PM Dan Carpenter <dan.carpenter@...cle.com> wrote:
>>>> Hello Gabriel FERNANDEZ,
>>> Hello Dan,
>>>
>>> I have added CCs for the maintainers as well as Gabriel Fernandez as
>>> currently you just have the linux-input mailing list
>>>
>>>> The patch 062589b13991: "Input: add st-keyscan driver" from Apr 12,
>>>> 2014, leads to the following static checker warning:
>>>>
>>>>          drivers/input/keyboard/st-keyscan.c:156 keyscan_probe()
>>>>          error: potential zalloc NULL dereference: 'keypad_data->input_dev'
>>>>
>>>> drivers/input/keyboard/st-keyscan.c
>>>>      125 static int keyscan_probe(struct platform_device *pdev)
>>>>      126 {
>>>>      127         struct st_keyscan *keypad_data;
>>>>      128         struct input_dev *input_dev;
>>>>      129         struct resource *res;
>>>>      130         int error;
>>>>      131
>>>>      132         if (!pdev->dev.of_node) {
>>>>      133                 dev_err(&pdev->dev, "no DT data present\n");
>>>>      134                 return -EINVAL;
>>>>      135         }
>>>>      136
>>>>      137         keypad_data = devm_kzalloc(&pdev->dev, sizeof(*keypad_data),
>>>>      138                                    GFP_KERNEL);
>>>>      139         if (!keypad_data)
>>>>      140                 return -ENOMEM;
>>>>      141
>>>>      142         input_dev = devm_input_allocate_device(&pdev->dev);
>>>>      143         if (!input_dev) {
>>>>      144                 dev_err(&pdev->dev, "failed to allocate the input device\n");
>>>>      145                 return -ENOMEM;
>>>>      146         }
>>>>      147
>>>>      148         input_dev->name = pdev->name;
>>>>      149         input_dev->phys = "keyscan-keys/input0";
>>>>      150         input_dev->dev.parent = &pdev->dev;
>>>>      151         input_dev->open = keyscan_open;
>>>>      152         input_dev->close = keyscan_close;
>>>>      153
>>>>      154         input_dev->id.bustype = BUS_HOST;
>>>>      155
>>>> --> 156         error = keypad_matrix_key_parse_dt(keypad_data);
>>>>                                                     ^^^^^^^^^^^
>>> I agree with you this would be a problem
>>> to clarify the NULL derefence would occur here within keypad_matrix_key_parse_dt
>>>
>>> struct device *dev = keypad_data->input_dev->dev.parent;
>>>
>>>> This assumes we have set "keypad_data->input_dev = input_dev;" but we
>>>> don't do that until...
>>>>
>>>>      157         if (error)
>>>>      158                 return error;
>>>>      159
>>>>      160         error = matrix_keypad_build_keymap(NULL, NULL,
>>>>      161                                            keypad_data->n_rows,
>>>>      162                                            keypad_data->n_cols,
>>>>      163                                            NULL, input_dev);
>>>>      164         if (error) {
>>>>      165                 dev_err(&pdev->dev, "failed to build keymap\n");
>>>>      166                 return error;
>>>>      167         }
>>>>      168
>>>>      169         input_set_drvdata(input_dev, keypad_data);
>>>>      170
>>>>      171         keypad_data->input_dev = input_dev;
>>>>                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>>
>>>> this line here.  This driver has never worked and it was included almost
>>>> five years ago.  Is it worth fixing?
>>>>
>>>>      172
>>>>      173         res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
>>>>      174         keypad_data->base = devm_ioremap_resource(&pdev->dev, res);
>>>>      175         if (IS_ERR(keypad_data->base))
>>>>      176                 return PTR_ERR(keypad_data->base);
>>>>      177
>>>>
>>>> regards,
>>>> dan carpenter
>>>>
>>> Here is the interesting thing, I was looking on patchwork, and several
>>> of the patches including what appears to be the latest actually set
>>> "keypad_data->input_dev = input_dev" before calling
>>> "keypad_matrix_key_parse_dt"
>>>
>>>  From v4 on patchwork
>>> + if (IS_ERR(keypad_data->clk)) {
>>> + dev_err(&pdev->dev, "cannot get clock");
>>> + return PTR_ERR(keypad_data->clk);
>>> + }
>>> +
>>> + keypad_data->input_dev = input_dev;
>>> +
>>> + input_dev->name = pdev->name;
>>> + input_dev->phys = "keyscan-keys/input0";
>>> + input_dev->dev.parent = &pdev->dev;
>>> + input_dev->open = keyscan_open;
>>> + input_dev->close = keyscan_close;
>>> +
>>> + input_dev->id.bustype = BUS_HOST;
>>> +
>>> + error = keypad_matrix_key_parse_dt(keypad_data);
>>>
>>> According to patchwork, these aren't listed as accepted, so I'm not
>>> sure where the exact accepted patch came from. Looking at the commit
>>> log, it looks like the issue you showed above was made in the original
>>> commit 062589b1399176a9c14bc68e16169f40439d658c so I'm not quite sure
>>> what is going on here. Maybe the maintainer can chime in with the
>>> original patch/mailing list discussion on this. For reference, I've
>>> added the patchwork links below
>>> https://patchwork.kernel.org/patch/3854341/
>>> https://patchwork.kernel.org/patch/3968891/
>>> https://patchwork.kernel.org/patch/3969991/
>> It may very well be that I messed up when applying the patch. I guess
>> whatever platform that is using the driver has not attempted to update
>> their kernel since then.
>>
>> Thanks.
>>
>> --
>> Dmitry
> Hi Dmitry,
>
> Thanks for the quick response. Yes I was just looking at the other
> mailing lists patchwork and while comments were missing on the
> linux-input list for the v4 patch, there was a discussion on the
> regular kernel mailing list:
> https://lore.kernel.org/patchwork/patch/455450/#630445
>
> It looks like you told him he didn't need to submit a v5 but generated
> one based on the changes suggested in the discussion:
>
> [begin quote]
> On Wed, Apr 16, 2014 at 10:49:29AM +0200, Gabriel Fernandez wrote:
>> On 13 April 2014 07:10, Dmitry Torokhov <dmitry.torokhov@...il.com> wrote:
>>> Does the version of the patch below still work for you?
>>>
>> Yes it's was tested on b2000 and b2089 sti boards.
>>
>>> Thanks.
>>>
>>> --
>>> Dmitry
>>>
>> Thanks for yours remarks, i will prepare a v5 versions.
>
> If the version I sent to you works then you do not need to prepare v5,
> I'll just apply what I have.
>
> Thanks!
> [end quote]
>
> So I guess Dan's original question remains, should this be fixed
> considering it's so old and apparently nobody could possibly be using
> it in the kernel since it doesn't work (in which case the driver
> should probably be dropped) or should we fix it?
>
> Thanks,
> Ken Sloat

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ