lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <u7x6ckgtetuvgxaalqcxwsv25xvvcjdcehpsysbvxjqygzjokz@bwogeb2ne2cw>
Date: Wed, 30 Apr 2025 20:03:11 -0700
From: Dmitry Torokhov <dmitry.torokhov@...il.com>
To: Hanno Böck <hanno@...eck.de>
Cc: linux-input@...r.kernel.org, linux-kernel@...r.kernel.org, 
	david@...t.cz
Subject: Re: linux/rmi4 driver: "BUG: kernel NULL pointer dereference" when
 accessing update_fw_status or bootloader_id

Hi Hanno,

On Wed, Apr 30, 2025 at 09:38:16PM +0200, Hanno Böck wrote:
> Hi,
> 
> I noticed that trying to read some sysfs entries created by the rmi4
> driver cause a kernel oops (BUG: kernel NULL pointer dereference).
> 
> This can be triggered simply by running cat on these files, also as a
> user. Tested on a current vanilla kernel (6.14.4).
> It happens when trying to read from one of these files (exact path
> likely will differ depending on system):
> /sys/devices/pci0000:00/0000:00:1f.4/i2c-6/6-002c/rmi4-00/update_fw_status
> /sys/devices/pci0000:00/0000:00:1f.4/i2c-6/6-002c/rmi4-00/bootloader_id
> 
> This is on a Lenovo X1 Carbon 2018 edition, lsusb lists the touchpad as:
> Bus 001 Device 010: ID 06cb:009a Synaptics, Inc. Metallica MIS Touch
> Fingerprint Reader
> 
> The dmesg output for an access to bootloader_id:
> [   68.184846] BUG: kernel NULL pointer dereference, address: 0000000000000008
> [   68.184866] #PF: supervisor read access in kernel mode
> [   68.184875] #PF: error_code(0x0000) - not-present page
> [   68.184882] PGD 0 P4D 0 
> [   68.184892] Oops: Oops: 0000 [#1] SMP
> [   68.184902] CPU: 6 UID: 1000 PID: 4704 Comm: cat Tainted: G     U             6.14.4 #2
> [   68.184915] Tainted: [U]=USER
> [   68.184919] Hardware name: LENOVO 20KHCTO1WW/20KHCTO1WW, BIOS N23ET90W (1.65 ) 11/07/2024
> [   68.184926] RIP: 0010:rmi_driver_bootloader_id_show+0x1d/0x60

Do you have anything earlier in your dmesg referencing "F34" by chance?

Thanks.

-- 
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ