lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 27 May 2021 14:30:59 -0700
From:   Dmitry Torokhov <dmitry.torokhov@...il.com>
To:     Takashi Iwai <tiwai@...e.de>
Cc:     linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] Input: elants_i2c - Fix NULL dereference at probing

Hi Takashi,

On Thu, May 27, 2021 at 07:31:53PM +0200, Takashi Iwai wrote:
> The recent change in elants_i2c driver to support more chips
> introduced a regression leading to Oops at probing.  The driver reads
> id->driver_data, but the id may be NULL depending on the device type
> the driver gets bound.
> 
> Replace the driver data extraction with the device_get_match_data()
> helper, and define the driver data in OF table, too.
> 
> Fixes: 9517b95bdc46 ("Input: elants_i2c - add support for eKTF3624")
> BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1186454
> Cc: <stable@...r.kernel.org>
> Signed-off-by: Takashi Iwai <tiwai@...e.de>
> ---
> v1->v2: Use device_get_match_data()
> 
>  drivers/input/touchscreen/elants_i2c.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/input/touchscreen/elants_i2c.c b/drivers/input/touchscreen/elants_i2c.c
> index 17540bdb1eaf..29b5bb03cff9 100644
> --- a/drivers/input/touchscreen/elants_i2c.c
> +++ b/drivers/input/touchscreen/elants_i2c.c
> @@ -1396,7 +1396,7 @@ static int elants_i2c_probe(struct i2c_client *client,

Might want to switch to probe_new() to avoid same/similar issue down
the road, either in the same patch or in a separate one.


>  	init_completion(&ts->cmd_done);
>  
>  	ts->client = client;
> -	ts->chip_id = (enum elants_chip_id)id->driver_data;
> +	ts->chip_id = (enum elants_chip_id)device_get_match_data(&client->dev);

I think this might need to go through an intermediate cast to shut up
compiler warnings:

	ts->chip_id = (enum elants_chip_id)(uintptr_t)
			device_get_match_data(&client->dev);

>  	i2c_set_clientdata(client, ts);
>  
>  	ts->vcc33 = devm_regulator_get(&client->dev, "vcc33");
> @@ -1636,8 +1636,8 @@ MODULE_DEVICE_TABLE(acpi, elants_acpi_id);
>  
>  #ifdef CONFIG_OF
>  static const struct of_device_id elants_of_match[] = {
> -	{ .compatible = "elan,ekth3500" },
> -	{ .compatible = "elan,ektf3624" },
> +	{ .compatible = "elan,ekth3500", .data = EKTH3500 },
> +	{ .compatible = "elan,ektf3624", .data = EKTF3624 },

As the bot mentioned this needs a cast.

>  	{ /* sentinel */ }
>  };
>  MODULE_DEVICE_TABLE(of, elants_of_match);
> -- 
> 2.26.2
> 

Thanks.

-- 
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ