lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 11 Jun 2021 20:19:35 +0200
From:   Henning Schild <henning.schild@...mens.com>
To:     Andy Shevchenko <andy.shevchenko@...il.com>
Cc:     Mika Westerberg <mika.westerberg@...ux.intel.com>,
        "Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
        "open list:GPIO SUBSYSTEM" <linux-gpio@...r.kernel.org>,
        Andy Shevchenko <andy@...nel.org>,
        "Linus Walleij" <linus.walleij@...aro.org>
Subject: Re: [PATCH] pinctrl: intel: fix NULL pointer deref

Am Thu, 10 Jun 2021 18:28:31 +0300
schrieb Andy Shevchenko <andy.shevchenko@...il.com>:

> On Thu, Jun 10, 2021 at 06:00:29PM +0300, Andy Shevchenko wrote:
> > On Thu, Jun 10, 2021 at 5:56 PM Henning Schild
> > <henning.schild@...mens.com> wrote:  
> > >
> > > Am Thu, 10 Jun 2021 17:32:46 +0300
> > > schrieb Andy Shevchenko <andy.shevchenko@...il.com>:
> > >  
> > > > On Thu, Jun 10, 2021 at 05:25:04PM +0300, Andy Shevchenko
> > > > wrote:  
> > > > > On Wed, Jun 09, 2021 at 01:08:16PM +0200, Henning Schild
> > > > > wrote:  
> > > > > > Am Wed, 9 Jun 2021 13:33:34 +0300
> > > > > > schrieb Andy Shevchenko <andy.shevchenko@...il.com>:  
> > > > >
> > > > > ...
> > > > >  
> > > > > > In order to use GPIO from the drivers i need to make sure
> > > > > > "broxton-pinctrl" comes up even if p2sb is hidden.
> > > > > >
> > > > > > Long story short, i thought the patch was simple enough to
> > > > > > merge even taken out of my special context.
> > > > > >
> > > > > > Currently intel_pinctl only works if "ps2b is not hidden by
> > > > > > BIOS" or "ACPI tables are correct", lifting the ban on the
> > > > > > hidden p2sb seems like a useful thing in general (i.e.
> > > > > > sysfs gpio interface). And i was hoping Andy would take the
> > > > > > lead on that. It is something my Siemens drivers would
> > > > > > depend on, but really a generic thing as far as i
> > > > > > understand it.  
> > > > >
> > > > > From p2sb series discussion it appears that this patch is not
> > > > > needed. The case is when BIOS already provides an ACPI device.
> > > > >
> > > > > So, the initial bug is in that series that needs to check if
> > > > > the ACPI device is exposed and forbid platform device
> > > > > instantiation in that case.  
> > > >
> > > > Actually, I'm still thinking how this ever possible. We have all
> > > > drivers to provide SoC data pointers. match data may be NULL if
> > > > and only if the ACPI device provided is a new one that doesn't
> > > > provide a SoC data.
> > > >
> > > > So, w/o seeing ACPI table, I'm really puzzled here.  
> > >
> > > Not sure what exactly you mean. Let us kill this thread and
> > > ignore the patch. It was posted out of context and the NULL deref
> > > code-path does not exist in the kernel, so the check is not
> > > needed.
> > >
> > > I will revisit the machine where your patch-series did lead to a
> > > double-init and EBUSY on claiming those memory ressources. And i
> > > will add ACPI info there as well.  
> > 
> > I guess I got what's going on here. When we create a platform device
> > we get an associated companion device (which is parent in this case
> > of LPC) and that's why when we try enumerating it you have got the
> > first branch chosen.  
> 
> I have just sent another patch based on this report. Can you please
> test it?

Thanks, that fixed the NULL deref introduced by " [rfc, PATCH v1 0/7]
PCI: introduce p2sb helper", so it should be added to a v2 i guess.

A remaining cosmetic issue is this ...
[    4.131578] broxton-pinctrl apollolake-pinctrl.0: can't request region for resource [mem 0xd0c50000-0xd0c5076b 64bit]
[    4.131669] broxton-pinctrl: probe of apollolake-pinctrl.0 failed with error -16

For all 4 parts. I guess it could detect being already loaded via ACPI
end EBUSY out with INFO instead of ERR.

And i guess if the probing was - for some reason - the other way
around. /sys/class/gpio/gpiochip267/label would be either "INT3452:03"
or "apollolake-pinctrl.3" and a driver building on top would need to
deal with that chip having one of the two names.
I imagine the probing order could change when ACPI gains table entries
with a BIOS update, or looses table entries ...

GPIO_LOOKUP_IDX("apollolake-pinctrl.0" vs. "INT34.."

Same for a userland component using the sysfs GPIO interface and
looking for the chip by "label".

regards,
Henning

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ