| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <16dbf099b4f9e026b141ae26661d2615084e3016.camel@analog.com>
Date: Sun, 12 Apr 2020 14:23:45 +0000
From: "Ardelean, Alexandru" <alexandru.Ardelean@...log.com>
To: "jic23@...nel.org" <jic23@...nel.org>
CC: "Tachici, Alexandru" <Alexandru.Tachici@...log.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-iio@...r.kernel.org" <linux-iio@...r.kernel.org>
Subject: Re: [PATCH v2] iio: adc: ad7192: fix null pointer de-reference crash
during probe
On Sun, 2020-04-12 at 12:38 +0100, Jonathan Cameron wrote:
> [External]
>
> On Tue, 7 Apr 2020 09:33:10 +0300
> Alexandru Ardelean <alexandru.ardelean@...log.com> wrote:
>
> > When the 'spi_device_id' table was removed, it omitted to cleanup/fix the
> > assignment:
> > 'indio_dev->name = spi_get_device_id(spi)->name;'
> >
> > After that patch 'spi_get_device_id(spi)' returns NULL, so this crashes
> > during probe with null de-ref.
> >
> > This change assigns the 'compatible' string from the DT table, as the new
> > 'indio_dev->name'. As such, the new device/part name now looks like
> > 'adi,ad719x', and now has the vendor prefix.
> >
> > Note that this change is not doing any NULL check to the return value of
> > 'of_match_device()'. This shouldn't happen, and if it does it's likely a
> > framework error on the probe side.
> >
> > Fixes: 66614ab2be38 ("staging: iio: adc: ad7192: removed spi_device_id")
> > Signed-off-by: Alexandru Ardelean <alexandru.ardelean@...log.com>
>
> Hmm. Returning the compatible isn't compatible with the ABI.
i was a bit vague on whether part-name can contain vendor prefix [in terms of
ABI];
chances are really low that a part-name from vendor A could collide with part-
name from a vendor B
>
> I think we will have to introduce a bit of indirection here to
> allow for a 'chip info' type structure with the name and the magic ID value
> that is currently in the data field of the of_device_id table.
i'll do that for V2
>
> That way we can have the name explicit. Note I don't want to
> mess around with stripping the prefix off the compatible as that sort of
> thing is hard to read.
>
> Jonathan
>
> > ---
> >
> > Changelog v1 -> v2:
> > * fix colon for Fixes tag
> > * updated commit title a bit; to make it longer
> >
> > drivers/iio/adc/ad7192.c | 7 +++++--
> > 1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/iio/adc/ad7192.c b/drivers/iio/adc/ad7192.c
> > index 8ec28aa8fa8a..0039a45e1f33 100644
> > --- a/drivers/iio/adc/ad7192.c
> > +++ b/drivers/iio/adc/ad7192.c
> > @@ -888,6 +888,7 @@ MODULE_DEVICE_TABLE(of, ad7192_of_match);
> >
> > static int ad7192_probe(struct spi_device *spi)
> > {
> > + const struct of_device_id *of_id;
> > struct ad7192_state *st;
> > struct iio_dev *indio_dev;
> > int ret, voltage_uv = 0;
> > @@ -937,10 +938,12 @@ static int ad7192_probe(struct spi_device *spi)
> > goto error_disable_avdd;
> > }
> >
> > + of_id = of_match_device(ad7192_of_match, &spi->dev);
> > +
> > spi_set_drvdata(spi, indio_dev);
> > - st->devid = (unsigned long)of_device_get_match_data(&spi->dev);
> > + st->devid = (unsigned long)of_id->data;
> > indio_dev->dev.parent = &spi->dev;
> > - indio_dev->name = spi_get_device_id(spi)->name;
> > + indio_dev->name = of_id->compatible;
> > indio_dev->modes = INDIO_DIRECT_MODE;
> >
> > ret = ad7192_channels_config(indio_dev);
Powered by blists - more mailing lists