From: huhai <15815827059@163.com>
To: "Sudeep Holla"
Cc: cristian.marussi@arm.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, luriwen@kylinos.cn, liuyun01@kylinos.cn, huhai, k2ci
Date: Fri, 1 Jul 2022 17:52:18 +0800 (CST)
Subject: Re:Re: [PATCH] firmware: arm_scpi: Fix error handle when scpi probe failed

>On Fri, Jul 01, 2022 at 02:16:06PM +0800, huhai wrote:
>> From: huhai
>>
>> When scpi probe fails, do not just return the error code, but also reset
>> the global scpi_info to NULL, otherwise scpi_hwmon_probe() may get a UAF
>> and cause panic:
>>
>
>Interesting, which platform are you using this on ? SCPI is deprecated for
>a while, please switch to SCMI which is well maintained both in terms of
>specification and support in the kernel. I also assume this is 64-bit
>platform, so I don't want you to get stuck in future because of lack
>of some feature in SCPI. Please see if you can migrate to SCMI.
>
>> scpi_protocol FTSC0001:00: incorrect or no SCP firmware found
>> ... ...
>> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
>> Mem abort info:
>>
>
>[...]
>
>I think we don't see to make it complex. Can't it be as simple as:
>
>Regards,
>Sudeep
>
>-->8
>
>diff --git i/drivers/firmware/arm_scpi.c w/drivers/firmware/arm_scpi.c
>index ddf0b9ff9e15..6fa1a5b193b8 100644
>--- i/drivers/firmware/arm_scpi.c
>+++ w/drivers/firmware/arm_scpi.c
>@@ -799,7 +799,7 @@ static struct scpi_ops scpi_ops = {
>
> struct scpi_ops *get_scpi_ops(void)
> {
>- return scpi_info ? scpi_info->scpi_ops : NULL;
>+ return scpi_info && scpi_info->scpi_ops ? scpi_info->scpi_ops : NULL;

I don't think it works well, because it's a UAF and scpi_info->scpi_ops could be any value set by others.

> }
> EXPORT_SYMBOL_GPL(get_scpi_ops);
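
Review bot: the extra scpi_info->scpi_ops test on the + line of get_scpi_ops() still dereferences scpi_info, so it cannot help in the case this thread reports, where scpi_info is left non-NULL after a failed probe and the access is a use-after-free; the field may then hold any value, including a non-NULL one. Suggest clearing the global scpi_info to NULL on the probe error path, as the original patch description proposes, which lets the existing "scpi_info ?" check stay as it is. A one-line comment on get_scpi_ops() saying that it returns NULL until probe has succeeded would document the contract for callers such as scpi_hwmon_probe().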
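
A userspace model of the two approaches discussed in this thread, added here as an example and not taken from the kernel or from either poster. All names (drv_info, g_info, probe_fails, the one-slot arena and its poison byte) are hypothetical, and it assumes the failed probe releases the structure while the global pointer still refers to it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the driver's types; not the kernel's definitions. */
struct ops { int (*get_version)(void); };
struct drv_info { struct ops *ops; };

static struct ops real_ops;        /* the only valid ops table in this model */
static struct drv_info *g_info;    /* models the global scpi_info */
static struct drv_info arena;      /* models the memory released on failure */

/* Probe that publishes the global early and then fails. Release is modelled
 * by poisoning the slot (constructed byte 0x6b) so stale reads stay defined. */
static int probe_fails(int clear_on_fail)
{
    arena.ops = NULL;
    g_info = &arena;                      /* published before success */
    memset(&arena, 0x6b, sizeof(arena));  /* error path: memory released */
    if (clear_on_fail)
        g_info = NULL;                    /* the reset the patch asks for */
    return -1;
}

/* Getter with the extra field test from the quoted diff. */
static struct ops *get_ops_field_check(void)
{
    return g_info && g_info->ops ? g_info->ops : NULL;
}

/* Getter as it was before the quoted diff: only the global is tested. */
static struct ops *get_ops_simple(void)
{
    return g_info ? g_info->ops : NULL;
}

/* 1 if a getter handed back a non-NULL pointer that is not the real table. */
static int returns_garbage(struct ops *p)
{
    return p != NULL && p != &real_ops;
}

int main(void)
{
    probe_fails(0);
    printf("no reset, field check: garbage=%d\n", returns_garbage(get_ops_field_check()));
    probe_fails(1);
    printf("reset, simple getter:  null=%d\n", get_ops_simple() == NULL);
    return 0;
}
```
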