From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751450AbeAYVvj (ORCPT ); Thu, 25 Jan 2018 16:51:39 -0500 Received: from smtp.codeaurora.org ([198.145.29.96]:53142 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751174AbeAYVvh (ORCPT ); Thu, 25 Jan 2018 16:51:37 -0500 DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 4CF096032C Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=sboyd@codeaurora.org Date: Thu, 25 Jan 2018 13:51:35 -0800 From: Stephen Boyd To: Timur Tabi Cc: Linus Walleij , linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Andy Shevchenko , Bjorn Andersson , linux-gpio@vger.kernel.org, devicetree@vger.kernel.org Subject: Re: [PATCH 3/3] pinctrl: qcom: Don't allow protected pins to be requested Message-ID: <20180125215135.GY28313@codeaurora.org> References: <20180110015848.11480-1-sboyd@codeaurora.org> <20180110015848.11480-4-sboyd@codeaurora.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/22, Timur Tabi wrote: > On 1/9/18 7:58 PM, Stephen Boyd wrote: > >+ ret = device_property_read_u16_array(pctrl->dev, "gpios", tmp, > >+ len); > >+ if (ret < 0) { > >+ dev_err(pctrl->dev, "could not read list of GPIOs\n"); > >+ kfree(tmp); > >+ return ret; > >+ } > > Just FYI, I'm still going to have to parse "gpios" in my > pinctrl-qdf2xxx.c driver, even though you're also parsing it here. > That's because I need to make sure that the msm_pingroup array only > contains "approve" addresses in its ctl_reg fields. > > + for (i = 0; i < avail_gpios; i++) { > + unsigned int gpio = gpios[i]; > + > + groups[gpio].npins = 1; > + snprintf(names[i], NAME_SIZE, "gpio%u", gpio); > + pins[gpio].name = names[i]; > + groups[gpio].name = names[i]; > + > + groups[gpio].ctl_reg = 0x10000 * gpio; > ^^^^ > > I do this because I need to make sure that "unapproved" physical > addresses are never store anywhere in groups[]. That way, it's > impossible for the driver to cause an XPU violation -- the worst > that can happen is a null pointer dereference. > Sorry I don't get it. Is that some sort of hardening requirement? If the framework doesn't cause those pins to be touched I fail to see how it could hurt to have the other addresses listed. I'm sure with some effort protected addresses could be crafted in other ways to cause an XPU violation to the same place. -- Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project