Date:   Sun, 12 Apr 2020 14:23:45 +0000
From:   "Ardelean, Alexandru" <alexandru.Ardelean@...log.com>
To:     "jic23@...nel.org" <jic23@...nel.org>
CC:     "Tachici, Alexandru" <Alexandru.Tachici@...log.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-iio@...r.kernel.org" <linux-iio@...r.kernel.org>
Subject: Re: [PATCH v2] iio: adc: ad7192: fix null pointer de-reference crash
 during probe

On Sun, 2020-04-12 at 12:38 +0100, Jonathan Cameron wrote:
> [External]
> 
> On Tue, 7 Apr 2020 09:33:10 +0300
> Alexandru Ardelean <alexandru.ardelean@...log.com> wrote:
> 
> > When the 'spi_device_id' table was removed, it omitted to cleanup/fix the
> > assignment:
> >   'indio_dev->name = spi_get_device_id(spi)->name;'
> > 
> > After that patch 'spi_get_device_id(spi)' returns NULL, so this crashes
> > during probe with null de-ref.
> > 
> > This change assigns the 'compatible' string from the DT table, as the new
> > 'indio_dev->name'. As such, the new device/part name now looks like
> > 'adi,ad719x', and now has the vendor prefix.
> > 
> > Note that this change is not doing any NULL check to the return value of
> > 'of_match_device()'. This shouldn't happen, and if it does it's likely a
> > framework error on the probe side.
> > 
> > Fixes: 66614ab2be38 ("staging: iio: adc: ad7192: removed spi_device_id")
> > Signed-off-by: Alexandru Ardelean <alexandru.ardelean@...log.com>
> 
> Hmm. Returning the compatible isn't compatible with the ABI.

I was a bit vague on whether part-name can contain vendor prefix [in terms of
ABI];
chances are really low that a part-name from vendor A could collide with a
part-name from vendor B

> 
> I think we will have to introduce a bit of indirection here to
> allow for a 'chip info' type structure with the name and the magic ID value
> that is currently in the data field of the of_device_id table.

I'll do that for V2

> 
> That way we can have the name explicit.   Note I don't want to
> mess around with stripping the prefix off the compatible as that sort of
> thing is hard to read.
> 
> Jonathan
> 
> > ---
> > 
> > Changelog v1 -> v2:
> > * fix colon for Fixes tag
> > * updated commit title a bit; to make it longer
> > 
> >  drivers/iio/adc/ad7192.c | 7 +++++--
> >  1 file changed, 5 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/iio/adc/ad7192.c b/drivers/iio/adc/ad7192.c
> > index 8ec28aa8fa8a..0039a45e1f33 100644
> > --- a/drivers/iio/adc/ad7192.c
> > +++ b/drivers/iio/adc/ad7192.c
> > @@ -888,6 +888,7 @@ MODULE_DEVICE_TABLE(of, ad7192_of_match);
> >  
> >  static int ad7192_probe(struct spi_device *spi)
> >  {
> > +	const struct of_device_id *of_id;
> >  	struct ad7192_state *st;
> >  	struct iio_dev *indio_dev;
> >  	int ret, voltage_uv = 0;
> > @@ -937,10 +938,12 @@ static int ad7192_probe(struct spi_device *spi)
> >  		goto error_disable_avdd;
> >  	}
> >  
> > +	of_id = of_match_device(ad7192_of_match, &spi->dev);
> > +
> >  	spi_set_drvdata(spi, indio_dev);
> > -	st->devid = (unsigned long)of_device_get_match_data(&spi->dev);
> > +	st->devid = (unsigned long)of_id->data;
> >  	indio_dev->dev.parent = &spi->dev;
> > -	indio_dev->name = spi_get_device_id(spi)->name;
> > +	indio_dev->name = of_id->compatible;
> >  	indio_dev->modes = INDIO_DIRECT_MODE;
> >  
> >  	ret = ad7192_channels_config(indio_dev);
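Review bot: of_id is dereferenced at `st->devid = (unsigned long)of_id->data;` and `indio_dev->name = of_id->compatible;` with no check on the return value of of_match_device(), so the fix for one NULL dereference in probe leaves room for another whenever no table entry matches. The lookup needs only ad7192_of_match and &spi->dev, so consider doing it at the top of ad7192_probe() and returning -ENODEV on NULL before anything has to be unwound; at its current position a failure would have to leave through the existing error labels such as error_disable_avdd. Separately, assigning of_id->compatible changes indio_dev->name from the bare part name to the vendor-prefixed string, which the reply flags as an ABI concern, so the name should come from an explicit per-chip field rather than from the compatible.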
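The 'chip info' indirection suggested in the reply above, modelled in userspace C as an added example (not code from the patch or from the ad7192 driver). `struct match_entry`, `match_device()` and `probe_lookup()` are hypothetical stand-ins for `struct of_device_id`, `of_match_device()` and the probe-time lookup, and the `chip_id` values are constructed placeholders.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical per-chip record: explicit ABI name plus the ID value. */
struct chip_info {
    const char *name;      /* what probe would put in indio_dev->name */
    unsigned int chip_id;  /* constructed placeholder, not a real ID */
};

/* Simplified stand-in for struct of_device_id. */
struct match_entry {
    const char *compatible;
    const void *data;
};

static const struct chip_info ad7190_info = { "ad7190", 0xA0 };
static const struct chip_info ad7192_info = { "ad7192", 0xA2 };

static const struct match_entry match_table[] = {
    { "adi,ad7190", &ad7190_info },
    { "adi,ad7192", &ad7192_info },
    { NULL, NULL } /* sentinel */
};

/* Stand-in for of_match_device(): returns NULL when nothing matches. */
static const struct match_entry *match_device(const char *compatible)
{
    const struct match_entry *m;

    if (!compatible)
        return NULL;
    for (m = match_table; m->compatible; m++)
        if (strcmp(m->compatible, compatible) == 0)
            return m;
    return NULL;
}

/* Probe-time lookup: refuse to bind instead of dereferencing NULL. */
static int probe_lookup(const char *compatible, const struct chip_info **out)
{
    const struct match_entry *m = match_device(compatible);

    if (!m || !m->data)
        return -ENODEV;
    *out = m->data;
    return 0;
}
```

The name stays the bare part name regardless of how the compatible string is spelled, and an unmatched device fails the lookup with -ENODEV rather than crashing.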
