From: Bjorn Helgaas <bhelgaas@google.com>
To: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Grant Likely <grant.likely@linaro.org>,
Rob Herring <robh+dt@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Jakub Sitnicki <jsitnicki@gmail.com>,
Vivek Goyal <vgoyal@redhat.com>,
Jiang Liu <jiang.liu@linux.intel.com>,
Mike Travis <travis@sgi.com>, Thierry Reding <treding@nvidia.com>,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org
Subject: Re: [PATCH v3 1/4] kernel/resource: Invalid memory access in __release_resource
Date: Wed, 22 Apr 2015 11:47:01 -0500 [thread overview]
Message-ID: <20150422164701.GJ20701@google.com> (raw)
In-Reply-To: <1429719261-18024-2-git-send-email-ricardo.ribalda@gmail.com>
On Wed, Apr 22, 2015 at 06:14:18PM +0200, Ricardo Ribalda Delgado wrote:
> When a resource is initialized via of_platform_populate.
> resource->parent is initialized to NULL via kzalloc.
> (of_platform_populate->of_device_alloc->of_address_to_resource)
>
> If of_platform_depopulate is called later, resource->parent is
> accessed (Offset 0x30 of address 0), causing a kernel error.
>
> This patch evaluates resouce->parent before accessing it. If it
> is not initialized, -EACCESS is returned.
>
> Also a WARN is thrown, so the developer can have a hint about what
> needs to be fixed.
>
> Fixes:
> BUG: unable to handle kernel NULL pointer deference at 0000000000000030
> IP: release_resource+0x26/0x90
> Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
> ---
> kernel/resource.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/kernel/resource.c b/kernel/resource.c
> index 90552aa..b7b270f 100644
> --- a/kernel/resource.c
> +++ b/kernel/resource.c
> @@ -237,6 +237,9 @@ static int __release_resource(struct resource *old)
> {
> struct resource *tmp, **p;
>
> + if (WARN_ON(!old->parent))
> + return -EINVAL;
I'm not really a fan of this. The NULL pointer oops is a very good clue
all by itself, and it doesn't require any extra code here.
> p = &old->parent->child;
> for (;;) {
> tmp = *p;
> --
> 2.1.4
>
next prev parent reply other threads:[~2015-04-22 16:47 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-22 16:14 [PATCH v3 0/4] Fix null pointer deference when calling of_platform_depopulate Ricardo Ribalda Delgado
2015-04-22 16:14 ` Ricardo Ribalda Delgado
2015-04-22 16:14 ` [PATCH v3 1/4] kernel/resource: Invalid memory access in __release_resource Ricardo Ribalda Delgado
2015-04-22 16:47 ` Bjorn Helgaas [this message]
[not found] ` <20150422164701.GJ20701-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2015-04-23 8:06 ` Ricardo Ribalda Delgado
2015-04-23 8:06 ` Ricardo Ribalda Delgado
2015-04-22 16:14 ` [PATCH v3 2/4] base/platform: Only insert MEM and IO resources Ricardo Ribalda Delgado
2015-04-22 16:14 ` [PATCH v3 3/4] base/platform: Continue on insert_resource() error Ricardo Ribalda Delgado
[not found] ` <1429719261-18024-4-git-send-email-ricardo.ribalda-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-04-22 16:44 ` Bjorn Helgaas
2015-04-22 16:44 ` Bjorn Helgaas
[not found] ` <20150422164457.GI20701-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2015-04-23 7:55 ` Ricardo Ribalda Delgado
2015-04-23 7:55 ` Ricardo Ribalda Delgado
2015-04-23 13:26 ` Bjorn Helgaas
[not found] ` <20150423132637.GK20701-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2015-04-23 16:54 ` Thierry Reding
2015-04-23 16:54 ` Thierry Reding
2015-04-22 16:14 ` [PATCH v3 4/4] of/platform: Use platform_device interface Ricardo Ribalda Delgado
[not found] ` <1429719261-18024-5-git-send-email-ricardo.ribalda-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-04-22 16:25 ` Rob Herring
2015-04-22 16:25 ` Rob Herring
2015-04-23 7:28 ` Ricardo Ribalda Delgado
[not found] ` <CAPybu_3Ej2ecFDTiJVL9TfE=ZLFN2wLKE_nFL2WjMQtk+4LO_A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-04-23 13:49 ` Ricardo Ribalda Delgado
2015-04-23 13:49 ` Ricardo Ribalda Delgado
2015-05-24 19:29 ` [PATCH v3.1 " Greg Kroah-Hartman
2015-05-24 19:29 ` Greg Kroah-Hartman
[not found] ` <20150524192915.GA7170-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-05-26 7:26 ` Ricardo Ribalda Delgado
2015-05-26 7:26 ` Ricardo Ribalda Delgado
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150422164701.GJ20701@google.com \
--to=bhelgaas@google.com \
--cc=akpm@linux-foundation.org \
--cc=devicetree@vger.kernel.org \
--cc=grant.likely@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=jiang.liu@linux.intel.com \
--cc=jsitnicki@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ricardo.ribalda@gmail.com \
--cc=robh+dt@kernel.org \
--cc=travis@sgi.com \
--cc=treding@nvidia.com \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.