lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 8 Mar 2021 10:31:39 +0100
From:   Václav Kubernát <kubernat@...net.cz>
To:     Jan Kundrát <jan.kundrat@...net.cz>
Cc:     Jean Delvare <jdelvare@...e.com>,
        Guenter Roeck <linux@...ck-us.net>,
        Jonathan Corbet <corbet@....net>, linux-hwmon@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/7] hwmon: (max31790) Allow setting pulses

Thanks, I will include fixes in v2 of the patches.

By the way, I'd like to mention that Jan is my colleague.

Václav

pá 5. 3. 2021 v 13:08 odesílatel Jan Kundrát <jan.kundrat@...net.cz> napsal:
>
> > @@ -285,6 +295,9 @@ static int max31790_write_fan(struct device
> > *dev, u32 attr, int channel,
> >                                  MAX31790_REG_FAN_CONFIG(channel),
> >                                  data->fan_config[channel]);
> >               break;
> > +     case hwmon_fan_pulses:
> > +             data->pulses[channel] = val;
> > +             break;
>
> This needs input validation, otherwise it's possible to write 0 in there
> and you get a division-by-zero in the kernel context:
>
> [102109.999968] Division by zero in kernel.
> [102110.003917] CPU: 1 PID: 27590 Comm: cat Not tainted 5.9.3-cla-cfb #42
> [102110.010462] Hardware name: Marvell Armada 380/385 (Device Tree)
> [102110.016497] [<c010f16c>] (unwind_backtrace) from [<c010ae40>]
> (show_stack+0x10/0x14)
> [102110.024355] [<c010ae40>] (show_stack) from [<c083ba30>]
> (dump_stack+0x94/0xa8)
> [102110.031689] [<c083ba30>] (dump_stack) from [<c083a3fc>]
> (Ldiv0+0x8/0x2c)
> [102110.038499] [<c083a3fc>] (Ldiv0) from [<c064c1ac>]
> (max31790_read+0x174/0x204)
> [102110.045836] [<c064c1ac>] (max31790_read) from [<c0646fdc>]
> (hwmon_attr_show+0x44/0x138)
> ...
>
> A similar error can also happen when setting the fan speed to 0 RPM.
> That's, however, not an error caused by this patch series AFAIK. I *think*
> that RPM_TO_REG should be changed to check if `rpm` is 0, and if so, set
> the register directly to the maximal value of 0x7ff (in another patch).
>
> With kind regards,
> Jan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ